>From d5cbd0f0f3d11a6685058d6eb2287efe9fec9d41 Mon Sep 17 00:00:00 2001 From: Mats Erik Andersson Date: Thu, 7 May 2020 17:26:14 +0200 Subject: [PATCH] ChangeLog: Rephrase description of some changes. --- ChangeLog | 51 +++++++++++++++++++++++++++++++-------------------- ftp/cmds.c | 2 +- ping/libping.c | 2 +- 3 files changed, 33 insertions(+), 22 deletions(-) diff --git a/ChangeLog b/ChangeLog index 06930e1..37603c2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,13 @@ 2020-05-07 Mats Erik Andersson + * ChangeLog: Rephrase description of some implemented changes. + + * ftp/cmds.c (sethash): Remove an obsolete and now incorrect comment. + * ping/libping.c (ping_set_dest): Update a comment to reflect + a recent change. + +2020-05-07 Mats Erik Andersson + whois: Tweak command line arguments. * whois/whois.c (whichwhois): Skip any single character token, @@ -102,12 +110,14 @@ uucpd: Fix buffer overflows. This fixes several missing string termination issues with strncpy. - Also REMOTEHOST with size NI_MAXHOST was strcpy'ed into LINE which + Also REMOTEHOST of size NI_MAXHOST was strcpy'ed into LINE, which just had 32 bytes on the stack. - * src/uucpd.c (dologout): Increase LINE size. Use exisiting SCPYN + * src/uucpd.c (SCPYN): Promote macro to global scope, but expand + its action by writing the final NUL character. + (dologin): Increase size of LINE. Use existing macro SCPYN instead of strncpy. - (SCPYN): New macro. + [PATH_LASTLOG && HAVE_STRUCT_LASTLOG]: Delete local macro SCPYN. 2020-02-29 Tim Rühsen 
@@ -116,23 +126,22 @@ Usernames >= 56 bytes would overflow the char arrays Username and Logname. This change mitigates this, but still silently truncates these arrays. Silent truncation should be checked throughout the - code possibly within a more comprehensive code review. + code, possibly within a more comprehensive code review. - * src/uucpd.c (Usernaem, Logname): Increase size to 72 bytes. + * src/uucpd.c (Username, Logname): Increase size to 72 bytes. (doit): Use snprintf instead of sprintf. 2020-02-29 Tim Rühsen telnet: Use strdup instead malloc+strcpy. - * telnet/commands.c (tn): Use strdup instead malloc/strcpy. + * telnet/commands.c (tn): Assign HOSTNAME using strdup(). 2020-02-29 Tim Rühsen telnet: Fix -Wsign-compare in suboption. - * telnet/telnet.c (suboption): Explicit cast to int to silence - -Wsign-compare. + * telnet/telnet.c (suboption): Explicitly cast sizeof() to int. 2020-02-29 Tim Rühsen @@ -174,7 +183,7 @@ ftp: Fix return value of remglob. - * ftp/cmds.c (remglob): Turn around NULL check. + * ftp/cmds.c (remglob): Switch roles of old values after NULL check. 2020-02-29 Tim Rühsen @@ -184,7 +193,7 @@ 2020-02-29 Tim Rühsen - ftp: Fix 2x misuse of strncpy (read buffer overflow). + ftp: Fix two misuses of strncpy (read buffer overflow). * ftp/ftp.c (pswitch): Correctly set the terminating NUL. 
@@ -198,30 +207,31 @@ whois: Silence -Wimplicit-fallthrough. - * whois/whois.c (main): Squeelch warnings. + * whois/whois.c (main): Squeelch warning. 2020-02-29 Tim Rühsen ping, ping6: Silence -Wimplicit-fallthrough. - * ping/ping.c (parse_opt): Squeelch warnings. + * ping/ping.c (parse_opt): Squeelch warning. * ping/ping6.c (parse_opt): Likewise. 2020-02-17 Tim Rühsen ping6: Fix memleak in ping_set_dest. - * ping/ping6.c (ping_set_dest): Rerrange code to avoid memory - leak. - * ping/ping6.h (ping_set_dest): Change type; update callees. + * ping/ping6.c (ping_set_dest): New function signature. + Rearrange code to avoid memory leak. + * ping/ping6.h (ping_set_dest): Change signature in declaration. 2020-02-17 Tim Rühsen ping: Fix memleak in ping_set_dest. - * ping/libping.c (ping_set_dest): Rerrange code to avoid memory - leak. - * ping/ping.h (ping_set_dest): Change type; update callees. + * ping/libping.c (ping_set_dest): New function signature. + Rearrange code to avoid memory leak. + [HAVE_DECL_GETADDRINFO]: Rename P as RHOST. + * ping/ping.h (ping_set_dest): Change signature in declaration. 2020-02-16 Tim Rühsen @@ -251,9 +261,10 @@ telnet: Fix silent truncation (off-by-one check) If the DISPLAY variable had exactly 44 bytes, the SE byte (end sub - negotiation) was silently truncated. + negotiation) was silently truncated. This concerns CVE-2019-0053. - * telnet/telnet.c (suboption): Use >= instead of >. + * telnet/telnet.c (suboption): Add case of equality in conditional, + supplementing strict inequality. 2020-02-21 Mats Erik Andersson diff --git a/ftp/cmds.c b/ftp/cmds.c index 283e5b8..6ae88e7 100644 --- a/ftp/cmds.c +++ b/ftp/cmds.c @@ -1240,7 +1240,7 @@ sethash (int argc _GL_UNUSED_PARAMETER, char **argv) { case 'g': case 'G': - hashbytes *= 1024 * 1024 * 1024; /* Cascaded multiplication! */ + hashbytes *= 1024 * 1024 * 1024; break; case 'm': case 'M': diff --git a/ping/libping.c b/ping/libping.c index 9bfd9a1..92cd775 100644 --- a/ping/libping.c 
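Review bot: The multiplication `hashbytes *= 1024 * 1024 * 1024;` under `case 'g': case 'G':` in sethash has no overflow guard, and the commit changes only the comment on that line. The constant is 2^30, so if hashbytes is a 32-bit signed int (its declaration and the parsing of argv are outside the hunk, so this is an assumption), a count of 2 or more with a `g` suffix overflows. That is undefined behaviour for a signed type and a silent wrap for an unsigned one. Consider checking the value before the multiply, e.g. `if (hashbytes > INT_MAX / (1024 * 1024 * 1024))` followed by an error return, using the limit that matches the actual type of hashbytes. The `m`/`M` case that begins at the end of the hunk presumably needs the same check; sethash's body starts and ends outside the hunk.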
+++ b/ping/libping.c @@ -296,7 +296,7 @@ ping_set_dest (PING * ping, const char *host) char *rhost; # if defined HAVE_IDN || defined HAVE_IDN2 - rc = idna_to_ascii_lz (host, &rhost, 0); /* P is allocated. */ + rc = idna_to_ascii_lz (host, &rhost, 0); /* RHOST is allocated. */ if (rc) return 1; host = rhost; -- 1.7.3.2