[patchlogo]

Debian patch tracking system

- cfingerd - cfingerd/1.4.3-3 - direct patch of src/standard.c

cfingerd (1.4.3-3) src/standard.c

Summary

 src/standard.c |   35 ++++++++++++++++++++++++++++-------
 1 file changed, 28 insertions(+), 7 deletions(-)
download this patch

Patch contents

--- cfingerd-1.4.3.orig/src/standard.c
+++ cfingerd-1.4.3/src/standard.c
@@ -155,6 +155,7 @@
 	    fflush(stdout);
 	}
 
+	USER_PRIVS(uid, gid);
 	if (exist(d)) {
 	    NOBODY_PRIVS;
 
@@ -163,9 +164,14 @@
 		fflush(stdout);
 	    }
 
+	    USER_PRIVS(uid, gid);
 	    if ((file = open_file(d)) != NULL)
+	    {
+		NOBODY_PRIVS;
 		display_file(uid, gid, file);
+           }
 	} else {
+	    NOBODY_PRIVS;
 	    if (!(prog_config.config_bits3 & SHOW_HEADERS_FE))
 		printf("%s\n", prog_config.p_strings[t3]);
 	    else
@@ -206,6 +212,7 @@
 	    fflush(stdout);
 	}
 
+	USER_PRIVS(uid, gid);
 	if (exist(d)) {
 	    NOBODY_PRIVS;
 
@@ -214,9 +221,13 @@
 		fflush(stdout);
 	    }
 
-	    if ((open_file (d)) != NULL)
+	    USER_PRIVS(uid, gid);
+	    if ((file = open_file (d)) != NULL) {
+		NOBODY_PRIVS;
 		display_file(uid, gid, file);
+           }
 	} else {
+	    NOBODY_PRIVS;
 	    if (!(prog_config.config_bits3 & SHOW_HEADERS_FE))
 		printf("%s\n", prog_config.p_strings[t3]);
 	}
@@ -376,11 +387,21 @@
     sprintf(dev_file, "/dev/%s", tty);
 
     USER_PRIVS(nuid, ngid);
-    stat((char *) dev_file, &buf);
+    if (stat((char *) dev_file, &buf) != 0) {
+	NOBODY_PRIVS;
+	return;
+    }
     NOBODY_PRIVS;
 
+    if (!buf.st_atime || !buf.st_mtime)
+	return;
+
     cur_time = time(NULL);
-    diff_time = (long) cur_time - (long) buf.st_mtime;
+    diff_time = buf.st_mtime < buf.st_atime
+		? (long) cur_time - (long) buf.st_mtime
+		: (long) cur_time - (long) buf.st_atime;
+    if (diff_time < 0)
+	diff_time = 0;
 
     sec = min = hour = day = has = 0;
 
@@ -394,7 +415,7 @@
 	sec = has = 1;
 
     if (has)
-	printf(" Idle ");
+	printf(" idle ");
 
     if (day) {
 	day = diff_time / 86400;
@@ -1002,21 +1023,21 @@
 		memset(uname, 0, 600);
 		printf("\nChecking site %s for the specified user.\n", prog_config.forward[nums]);
 		fflush(stdout);
-		snprintf(uname, sizeof(uname), "/usr/bin/finger \"%s\100%s\" | /usr/bin/tail +2", username, prog_config.forward[nums]);
+		snprintf(uname, sizeof(uname), "/usr/bin/finger \"%s\100%s\" | /usr/bin/tail -n +2", username, prog_config.forward[nums]);
 		if ((buf = safe_exec(NOBODY_UID, NOBODY_GID, uname)) != NULL) {
 		    printf ("%s", buf);
 		    fflush(stdout);
 		    free (buf);
 		}
 		nums++;
-		log(LOG_USER, "Forwarded: ", username);
+		mylog(LOG_USER, "Forwarded: ", username);
 	    }
 	} else {
 	    show_notexist();
 	}
     } else {
 	show_fingerinfo(username);
-	log(LOG_USER, "Normal: ", username);
+	mylog(LOG_USER, "Normal: ", username);
     }
 
     if ((!(prog_config.config_bits2 & SHOW_FINGERFWD)) ||
page code/design/content is copyright (c) 2008 sean finney <seanius@debian.org>.
patches viewed/retrieved through this system are copyrighted by their respective authors.
browse git repo - clone git repo