From: Piotr Durlej Subject: getty: prevent sending empty login names to login(1) To: tech@openbsd.org Date: Fri, 17 Jul 2026 18:57:20 +0200 Hello, this patch prevents getty(8) from sending empty login names to login(1). To reproduce the bug, type some characters, erase the entire line and press enter/return. --- libexec/getty/main.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/libexec/getty/main.c b/libexec/getty/main.c index 74b3aa27779..5726d5d6838 100644 --- a/libexec/getty/main.c +++ b/libexec/getty/main.c @@ -59,7 +59,7 @@ struct termios tmode, omode; -int crmod, digit, lower, upper; +int crmod, lower; char hostname[HOST_NAME_MAX+1]; char globalhostname[HOST_NAME_MAX+1]; @@ -318,7 +318,10 @@ main(int argc, char *argv[]) xputs("user names may not start with '-'."); continue; } - if (!(upper || lower || digit)) + for (i = 0; name[i]; i++) + if (isalnum(name[i])) + break; + if (name[i] == '\0') continue; setflags(2); if (crmod) { @@ -381,7 +384,7 @@ getname(void) syslog(LOG_ERR, "%s: %m", ttyn); exit(1); } - crmod = digit = lower = upper = 0; + crmod = lower = 0; np = name; for (;;) { oflush(); @@ -409,8 +412,6 @@ getname(void) } if (islower(c)) lower = 1; - else if (isupper(c)) - upper = 1; else if (c == ERASE || c == '\b') { if (np > name) { if (*--np == '\033') @@ -432,8 +433,7 @@ getname(void) prompt(); np = name; continue; - } else if (isdigit(c)) - digit++; + } if (IG && (c <= ' ' || c > 0176)) continue; *np++ = c; -- 2.53.0