CVSROOT: /cvs
Module name: src
Changes by: dera...@cvs.openbsd.org 2019/12/04 02:51:49
Modified files:
lib/libc/gen : Tag: OPENBSD_6_5 auth_subr.c authenticate.c
lib/libc/hidden: Tag: OPENBSD_6_5 bsd_auth.h
usr.bin/login : Tag: OPENBSD_6_5 login.c
usr.bin/su : Tag: OPENBSD_6_5 su.c
Log message:
This is 6.5/021_libcauth.patch.sig
libc's authentication privsep layer performed insufficient username
validation. Repair work mostly by markus and millert, first of all
solving the primary problem, then adding some additional validation
points. And then futher validation in login and su.
Reported by Qualys
