diff options
| -rw-r--r-- | src/appl/gssftp/ftpd/ChangeLog | 5 | ||||
| -rw-r--r-- | src/appl/gssftp/ftpd/ftpd.c | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/src/appl/gssftp/ftpd/ChangeLog b/src/appl/gssftp/ftpd/ChangeLog index fd44a6077d..ead623aefd 100644 --- a/src/appl/gssftp/ftpd/ChangeLog +++ b/src/appl/gssftp/ftpd/ChangeLog @@ -1,3 +1,8 @@ +Fri Mar 12 07:35:01 1999 Tom Yu <tlyu@mit.edu> + + * ftpd.c (user): Remove extra "%s" in call to sprintf() to avoid + dereferencing stack garbage. + Mon Mar 8 23:47:51 1999 Tom Yu <tlyu@mit.edu> * ftpd.M: Resync with reality. diff --git a/src/appl/gssftp/ftpd/ftpd.c b/src/appl/gssftp/ftpd/ftpd.c index 71709dceae..f880734a5e 100644 --- a/src/appl/gssftp/ftpd/ftpd.c +++ b/src/appl/gssftp/ftpd/ftpd.c @@ -765,7 +765,7 @@ user(name) #ifdef KRB5_KRB4_COMPAT if (auth_type && strcmp(auth_type, "KERBEROS_V4") == 0) { authorized = kuserok(&kdata,name) == 0; - sprintf(buf, "Kerberos user %s%s%s@%s is%s authorized as %s%s", + sprintf(buf, "Kerberos user %s%s%s@%s is%s authorized as %s", kdata.pname, *kdata.pinst ? "." : "", kdata.pinst, kdata.prealm, authorized ? "" : " not", name); |