2 files changed, 29 insertions, 0 deletions

diff --git a/src/appl/telnet/telnetd/ChangeLog b/src/appl/telnet/telnetd/ChangeLog
index da63e0e12..21393afe6 100644
--- a/src/appl/telnet/telnetd/ChangeLog
+++ b/src/appl/telnet/telnetd/ChangeLog
@@ -1,3 +1,10 @@
+Thu Oct 19 01:28:23 1995  Mark W. Eichin  <eichin@cygnus.com>
+
+	* state.c (envvarok): New function, checks environment variables
+	for exceptions that should not be passed to login.
+	(suboption): don't do anything to propagated environment variables
+	if they fail the exception test above.
+
 Mon Oct  9 23:01:36 1995  Sam Hartman  <hartmans@tertius.mit.edu>
 
 	* telnetd.c (getterminaltype): If ENCRYPTION defined, send do
diff --git a/src/appl/telnet/telnetd/state.c b/src/appl/telnet/telnetd/state.c
index 420c96de0..8394dee48 100644
--- a/src/appl/telnet/telnetd/state.c
+++ b/src/appl/telnet/telnetd/state.c
@@ -1078,6 +1078,24 @@ int env_ovalue = -1;
 # define env_ovalue OLD_ENV_VALUE
 #endif	/* ENV_HACK */
 
+/* envvarok(char*) */
+/* check that variable is safe to pass to login or shell */
+static int
+envvarok(varp)
+	char *varp;
+{
+	if (strncmp(varp, "LD_", strlen("LD_")) &&
+	    strncmp(varp, "_RLD_", strlen("_RLD_")) &&
+	    strcmp(varp, "LIBPATH") &&
+	    strcmp(varp, "IFS")) {
+		return 1;
+	} else {
+		/* optionally syslog(LOG_INFO) here */
+		return 0;
+	}
+
+}
+
 /*
  * suboption()
  *
@@ -1416,10 +1434,12 @@ suboption()
 		case NEW_ENV_VAR:
 		case ENV_USERVAR:
 			*cp = '\0';
+			if (envvarok(varp)) {
 			if (valp)
 				(void)setenv(varp, valp, 1);
 			else
 				unsetenv(varp);
+			}
 			cp = varp = (char *)subpointer;
 			valp = 0;
 			break;
@@ -1435,10 +1455,12 @@ suboption()
 		}
 	}
 	*cp = '\0';
+	if (envvarok(varp)) {
 	if (valp)
 		(void)setenv(varp, valp, 1);
 	else
 		unsetenv(varp);
+	}
 	break;
     }  /* end of case TELOPT_NEW_ENVIRON */
 #if	defined(AUTHENTICATION)