bug-inetutils

[PATCH 1/1] telnet: Fix silent truncation (off-by-one check)


From: Tim Rühsen
Subject: [PATCH 1/1] telnet: Fix silent truncation (off-by-one check)
Date: Mon, 24 Feb 2020 23:07:17 +0100

If the DISPLAY variable had exactly 44 bytes, the SE
byte (end sub negotiation) was silently truncated.
---
 telnet/telnet.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/telnet/telnet.c b/telnet/telnet.c
index 297ae0e4..d5d13c14 100644
--- a/telnet/telnet.c
+++ b/telnet/telnet.c
@@ -1010,7 +1010,7 @@ suboption (void)
           * protocol must remain unsevered.  Check that DP fits in
           * full within TEMP.  Otherwise report buffer error.
           */
-         if (strlen (dp) > sizeof (temp) - 4 - 2)
+         if (strlen ((char *) dp) >= sizeof (temp) - 4 - 2)
            {
              printf ("lm_will: not enough room in buffer\n");
              break;
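Review bot: The changed condition still expresses the limit as the bare constants `sizeof (temp) - 4 - 2`, so nothing in the code says why equality must now be rejected. The commit message says a 44-byte DISPLAY value lost the SE byte, which implies one more byte is consumed beyond the 4 + 2 framing bytes, presumably a terminator written by the formatting call that is not visible in this hunk. Please name that byte in the comment above the check, or write the test as `strlen (dp) + 4 + 2 + 1 > sizeof (temp)` so each term is accounted for. Two smaller points on the same lines: the new `(char *)` cast on `dp` is not mentioned in the commit message and is unrelated to the off-by-one, so it deserves a line there or its own patch; and the error text "lm_will: not enough room in buffer" does not match a DISPLAY suboption, so a user who hits this limit gets a misleading diagnostic.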
--
2.25.1



