bug-inetutils

Re: [PATCH] libtelnet: do not accept duplicate table entry names


From: Erik Auerswald
Subject: Re: [PATCH] libtelnet: do not accept duplicate table entry names
Date: Sun, 10 Jul 2022 13:45:46 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.1

Hi,

On 12.02.22 20:53, Erik Auerswald wrote:

> the function "genget()" in the file "libtelnet/genget.c" does not detect
> duplicated table entries.  Instead it returns the first entry as an "exact
> match".
>
> Checking for duplicated command names instead of exiting early on an exact
> match would have masked the NULL pointer dereference bugs in setcmd() and
> unsetcmd().  As such it could be interpreted as making the code more
> robust.
>
> The attached "inetutils-libtelnet-genget-reject_duplicate_commands.patch"
> implements duplicate table entry name detection by removing the early exit
> on exact match.

This patch would introduce an unintended limitation:

It would no longer be possible to have two keys where one is a
prefix of the other.

I am not aware of any instance of this in the current code, but
then I have not audited it for this possibility.

If less ancient cryptographic methods were ever added to telnet,
it might be useful to allow such keys (e.g., "aes" and "aes256",
or "sha3" and "sha384").

Thus I'd say that only two exact matches should be rejected.
A single exact match should still override an incomplete match.
This would require adding some code, not only removing two
lines as done in the patch.

Therefore I'd suggest ignoring this patch.

Thanks,
Erik
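
The lookup rule proposed in this message (a single exact match overrides prefix matches, two exact matches are rejected), as an added sketch that is not part of the original post or of the inetutils source. The name `lookup_key`, the status codes and both tables are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical status codes for this sketch (not inetutils identifiers). */
enum lookup_status { LOOKUP_FOUND, LOOKUP_NONE, LOOKUP_AMBIGUOUS };

/* Constructed tables: a key that prefixes another, and a duplicated key. */
static const char *const digest_table[] = { "sha3", "sha384", "md5", NULL };
static const char *const dup_table[] = { "aes", "aes256", "aes", NULL };

/* Look up name in a NULL-terminated table, accepting unique prefixes.
   One exact match overrides prefix matches; two exact matches are
   reported as ambiguous instead of returning the first one. */
static enum lookup_status
lookup_key(const char *name, const char *const *table, const char **out)
{
    const char *exact = NULL, *partial = NULL;
    size_t len = strlen(name), n_exact = 0, n_partial = 0;

    *out = NULL;
    if (len == 0)
        return LOOKUP_NONE;            /* empty input matches nothing */
    for (; *table != NULL; table++) {
        if (strncmp(name, *table, len) != 0)
            continue;                  /* not even a prefix */
        if ((*table)[len] == '\0') {   /* same length: exact match */
            n_exact++;
            exact = *table;
        } else {
            n_partial++;
            partial = *table;
        }
    }
    if (n_exact > 1 || (n_exact == 0 && n_partial > 1))
        return LOOKUP_AMBIGUOUS;       /* duplicate key or unclear prefix */
    if (n_exact == 0 && n_partial == 0)
        return LOOKUP_NONE;
    *out = n_exact ? exact : partial;  /* exact beats any prefix match */
    return LOOKUP_FOUND;
}

int main(void)
{
    const char *hit;
    /* "sha3" resolves exactly although it is also a prefix of "sha384". */
    if (lookup_key("sha3", digest_table, &hit) != LOOKUP_FOUND)
        return 1;
    /* The duplicated "aes" entry is rejected rather than silently used. */
    return lookup_key("aes", dup_table, &hit) == LOOKUP_AMBIGUOUS ? 0 : 1;
}
```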


