bug-inetutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-inetutils] telnetd bug: Buffer overflow when linked against GNU


From: Simon Josefsson
Subject: Re: [bug-inetutils] telnetd bug: Buffer overflow when linked against GNU termcap
Date: Fri, 24 Aug 2012 09:11:06 +0200
User-agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/23.3 (gnu/linux)

Petr Malát <address@hidden> writes:

> Hi,
> I found a problem in terminaltypeok() function, which calls tgetent()
> with 1kB buffer. This is fine, if telnetd is linked against ncurses,
> but if it is linked against GNU termcap, there is a buffer overflow
> for xterm (and maybe other) terminal type, which requires 2030 bytes
> and telnetd crashes. Documentation of GNU termcap proposes making this
> buffer 2kB (see
> http://www.gnu.org/software/termutils/manual/termcap-1.3/html_mono/termcap.html#SEC4).

Sigh, this is really poor design!  I have applied the patch.

> I hope this is my last telnet issue :-)

Me too, but improvements are always appreciated anyway! :-)

Btw, if you want to send more patches, I think you have to start the
copyright assignment process with the FSF.  Let me know offlist and I'll
send you the right form.

/Simon



reply via email to

[Prev in Thread] Current Thread [Next in Thread]