ref: b0313558fa9b7e14967a6dea019bfa288e421cc9
parent: 8f0db9f172617e54368422de1ee688eeae22941c
author: Jacob Moody <moody@posixcafe.org>
date: Mon May 16 23:25:30 EDT 2022
aux/listen: remove special cases for depreciated datakit The getserv function has remained mostly unchanged since 1ed. These checks are for handling string local ports or lack thereof. This was used by datakit at the time, where 'ports' were service strings. This made the default datakit service 'login' when a connector did not give a specific service. The checks for directory traversal also seemed specifically to guard against a connector from providing a malicious service string. With datakit gone all current protocols use numerics as ports so these checks and defaults become uneeded. 1ed reference: https://github.com/plan9foundation/plan9/tree/1e-1992-09-21
--- a/sys/src/cmd/aux/listen.c
+++ b/sys/src/cmd/aux/listen.c
@@ -481,28 +481,19 @@
long n;
readstr(dir, "remote", s->remote, sizeof(s->remote)-1);
- if(p = utfrune(s->remote, L'\n'))
+ if(p = utfrune(s->remote, '\n'))
*p = '\0';
n = readstr(dir, "local", addr, sizeof(addr)-1);
if(n <= 0)
return 0;
- if(p = utfrune(addr, L'\n'))
+ if(p = utfrune(addr, '\n'))
*p = '\0';
- serv = utfrune(addr, L'!');
+ serv = utfrune(addr, '!');
if(!serv)
- serv = "login";
- else
- serv++;
-
- /*
- * disallow service names like
- * ../../usr/user/bin/rc/su
- */
- if(strlen(serv) +strlen(proto) >= NAMELEN || utfrune(serv, L'/') || *serv == '.')
return 0;
- snprint(s->serv, sizeof s->serv, "%s%s", proto, serv);
+ snprint(s->serv, sizeof s->serv, "%s%s", proto, serv+1);
return 1;
}
--
⑨