Re: [PATCH 2/3] telnet: Fix TTYPE subnegotiation off-by-one error.

bug-inetutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 2/3] telnet: Fix TTYPE subnegotiation off-by-one error.

From:	Simon Josefsson
Subject:	Re: [PATCH 2/3] telnet: Fix TTYPE subnegotiation off-by-one error.
Date:	Fri, 08 Jul 2022 00:55:13 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)

Erik Auerswald <auerswal@unix-ag.uni-kl.de> writes:

> Fix off-by-one error in Terminal-Type option subnegotiation if the TERM
> variable has exactly 44 bytes.  In this case the SE byte (end of
> subnegotiation parameters) was replaced by a NUL byte.  This concerns
> the CVE-2019-0053 fixes.  Reported by Erik Auerswald in
> <https://lists.gnu.org/archive/html/bug-inetutils/2022-02/msg00004.html>.

Thank you!

https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=7aa677948c1d3f26c77f7a30f3c48d0a304595a0

/Simon

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH 2/3] telnet: Fix TTYPE subnegotiation off-by-one error., Simon Josefsson <=

Prev by Date: Re: Bug in telnet from inetutils-2.2: Insufficient buffer space for longish DISPLAY names
Next by Date: Re: [PATCH 3/3] telnet: Avoid command evaluation crashes.
Previous by thread: Re: Bug in telnet from inetutils-2.2: Insufficient buffer space for longish DISPLAY names
Next by thread: Re: [PATCH 3/3] telnet: Avoid command evaluation crashes.
Index(es):
- Date
- Thread