[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: happy hacking welcome to tim rühsen
From: |
Alfred M. Szmidt |
Subject: |
Re: happy hacking welcome to tim rühsen |
Date: |
Tue, 03 Mar 2020 12:30:43 -0500 |
I re-formatted it and slightly edited it. Mats, could you throw an
eye too?
2020-02-29 Tim Rühsen <address@hidden>
uucpd: Fix buffer overflows.
This fixes several missing string termination issues with strncpy.
Also 'remotehost' with size NI_MAXHOST was strcpy'ed into 'line'
which just had 32 bytes on the stack.
* src/uucpd.c (dologout): Increase 'line' array in size. Use
exisiting macro SCPYN instead of strncpy.
2020-02-29 Tim Rühsen <address@hidden>
uucpd: Fix heap buffer overflow.
Usernames >= 56 bytes would overflow the char arrays Username and
Logname. This change mitigates this, but still silently truncates
these arrays. Silent truncation should be checked throughout the
code possibly within a more comprehensive code review.
* src/uucpd.c: Increase Username and Logname to 72 bytes.
(doit): Use snprintf instead of sprintf.
2020-02-29 Tim Rühsen <address@hidden>
telnet: Use strdup instead malloc+strcpy.
* telnet/commands.c (tn): Use strdup instead malloc+strcpy.
2020-02-29 Tim Rühsen <address@hidden>
telnet: Fix -Wsign-compare in suboption.
* telnet/telnet.c (suboption): Explicit cast to int to silence
-Wsign-compare.
2020-02-29 Tim Rühsen <address@hidden>
telnetd: Silence -Wimplicit-fallthrough.
* telnetd/state.c (willoption): Use /* FALLTHROUGH */ to indicate
fallthrough.
2020-02-29 Tim Rühsen <address@hidden>
telnetd: Silence unused warning for getterminaltype.
* telnetd/utility.c (getterminaltype): Silence warning.
2020-02-29 Tim Rühsen <address@hidden>
ftp: Silence -Wimplicit-fallthrough warning.
* ftp/domacro.c (domacro): Use /* FALLTHROUGH */ to indicate
fallthrough.
2020-02-29 Tim Rühsen <address@hidden>
ftp: Silence -Wimplicit-fallthrough.
* ftp/cmds.c (domap): Use /* FALLTHROUGH */ to indicate
fallthrough.
2020-02-29 Tim Rühsen <address@hidden>
ftp: Fix multipliers for M(ega) and G(iga).
This is *not* a fix as the git comment accidentally states. It is
to silence -Wimplicit-fallthrough and to avoid multiple
multiplications in case of a non-optimized build. The 'hashbytes'
type needs to be reviewed later as g/G only allows digits 1 and 2
without integer overflow, which is undefined behavior.
* ftp/cmds.c (sethash): Remove cascaded multiplications.
2020-02-29 Tim Rühsen <address@hidden>
ftp: Fix return value of remglob.
* ftp/cmds.c (remglob): Turn around NULL check.
2020-02-29 Tim Rühsen <address@hidden>
ftp: Fix strncpy misuse (leading to buffer overflow).
* ftp/ftp.c (hookup): Terminate string after strncpy.
2020-02-29 Tim Rühsen <address@hidden>
ftp: Fix 2x misuse of strncpy (read buffer overflow).
* ftp/ftp.c (pswitch): Correctly set the terminating 0.
2020-02-29 Tim Rühsen <address@hidden>
talk: Fix uninitialized variable 'nready'.
* talk/ctl_transact.c (ctl_transact): Initialize nready to 0.
2020-02-29 Tim Rühsen <address@hidden>
whois: Silence -Wimplicit-fallthrough.
* whois/whois.c (main): Use /* FALLTHROUGH */ to indicate
fallthrough.
2020-02-29 Tim Rühsen <address@hidden>
ping, ping6: Silence -Wimplicit-fallthrough.
The comment /* FALLTHROUGH */ is well-known by several C/C++
compilers to indicate an explicit fallthrough. An alternative is
the gcc attribute 'fallthrough' which is less compatible and thus
not chosen here.
* ping/ping.c (parse_opt): Use /* FALLTHROUGH */ to indicate
fallthrough.
* ping/ping6.c (parse_opt): Likewise.
2020-02-17 Tim Rühsen <address@hidden>
ping6: Fix memleak in ping_set_dest.
* ping/ping6.c (ping_set_dest): Add 'const' to param 'host'.
Rerrange code to avoid memory leak.
* ping/ping6.h (ping_set_dest): Add 'const' to param 'host'.
2020-02-17 Tim Rühsen <address@hidden>
ping: Fix memleak in ping_set_dest.
* ping/libping.c (ping_set_dest): Add 'const' to param 'host'.
Rerrange code to avoid memory leak.
* ping/ping.h (ping_set_dest): Add 'const' to param 'host'.
2020-02-16 Tim Rühsen <address@hidden>
libls: Remove unused variable kflag.
* libls/ls.c (ls_main): Remove unused variable 'kflag'.
2020-02-16 Tim Rühsen <address@hidden>
ftpd: Fix multiple definition of 'errcatch' (gcc 10).
* ftpd/extern.h: Remove 'extern' from 'errcatch'.
2020-02-16 Tim Rühsen <address@hidden>
telnetd: Fix multiple definition of 'not42' (gcc 10).
* telnetd/utility.c: Remove 'extern' from 'not42'.
2020-02-16 Tim Rühsen <address@hidden>
* src/rcp.c (tolocal): Remove unused variable 'len'.
2020-02-16 Tim Rühsen <address@hidden>
telnet: Fix silent truncation (off-by-one check)
If the DISPLAY variable had exactly 44 bytes, the SE byte (end sub
negotiation) was silently truncated.
* telnet/telnet.c (suboption): Use >= instead of >.
- Re: happy hacking welcome to tim rühsen, Alfred M. Szmidt, 2020/03/01
- Re: happy hacking welcome to tim rühsen, Tim Rühsen, 2020/03/01
- Re: happy hacking welcome to tim rühsen, Alfred M. Szmidt, 2020/03/01
- Re: happy hacking welcome to tim rühsen, Tim Rühsen, 2020/03/01
- Re: happy hacking welcome to tim rühsen, Alfred M. Szmidt, 2020/03/01
- Re: happy hacking welcome to tim rühsen, Tim Rühsen, 2020/03/01
- Re: happy hacking welcome to tim rühsen,
Alfred M. Szmidt <=
- Re: happy hacking welcome to tim rühsen, Alfred M. Szmidt, 2020/03/20
- Re: happy hacking welcome to tim rühsen, Mats Erik Andersson, 2020/03/20
- Re: happy hacking welcome to tim rühsen, Mats Erik Andersson, 2020/03/21
- Re: happy hacking welcome to tim rühsen, Tim Rühsen, 2020/03/23
- Re: happy hacking welcome to tim rühsen, Mats Erik Andersson, 2020/03/23
- Re: happy hacking welcome to tim rühsen, Tim Rühsen, 2020/03/25
- Re: happy hacking welcome to tim rühsen, Tim Rühsen, 2020/03/01