Path: utzoo!attcan!uunet!lll-winken!lll-tis!helios.ee.lbl.gov!ace.ee.lbl.gov!leres
From: leres@ace.ee.lbl.gov (Craig Leres)
Newsgroups: comp.bugs.4bsd
Subject: fingerd allows third party fingers
Message-ID: <1477@helios.ee.lbl.gov>
Date: 14 Dec 88 22:37:40 GMT
Sender: usenet@helios.ee.lbl.gov
Reply-To: leres@helios.ee.lbl.gov (Craig Leres)
Organization: Lawrence Berkeley Laboratory, Berkeley
Lines: 48
Index: etc/fingerd/fingerd.c 4.3BSD +FIX

Description:
	As distributed, fingerd allows third party fingers. This makes
	it impossible for sites who wish to syslog remote finger
	requests to log original site.

Repeat-By:
	Install site logging in fingerd and then do something like:

		% finger @arpa@ucbvax

	The target finger on arpa will look like it was done from
	ucbvax instead of the machine the finger was run on.

Fix:
	Don't allow third party fingers. (Obviously, this only keeps
	your own systems from helping someone do a third party finger,
	but it's a start.)

*** fingerd.c	Wed Dec 14 14:07:32 1988
--- fingerd.c.new	Wed Dec 14 14:29:23 1988
***************
*** 22,28 ****
  #endif /* not lint */
  
  #ifndef lint
! static char sccsid[] = "@(#)fingerd.c	5.4 (Berkeley) 11/23/88";
  #endif /* not lint */
  
  #include <stdio.h>
--- 22,28 ----
  #endif /* not lint */
  #ifndef lint
! static char sccsid[] = "@(#)fingerd.c	5.4++ (Berkeley) 11/23/88";
  #endif /* not lint */
  
  #include <stdio.h>
***************
*** 48,53 ****
--- 48,57 ----
  
  	if (!fgets(line, sizeof(line), stdin))
  		exit(1);
+ 
+ 	/* Don't allow third party fingers */
+ 	if (lp = (char *)index(line, '@'))
+ 		*lp = '\0';
  
  	av[0] = "finger";
  	for (lp = line, ap = &av[1];;) {