bug-inetutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: happy hacking welcome to tim rühsen


From: Alfred M. Szmidt
Subject: Re: happy hacking welcome to tim rühsen
Date: Tue, 03 Mar 2020 12:30:43 -0500

I re-formatted it and slightly edited it.  Mats, could you throw an
eye too?

2020-02-29  Tim Rühsen <address@hidden>

        uucpd: Fix buffer overflows.

        This fixes several missing string termination issues with strncpy.
        Also 'remotehost' with size NI_MAXHOST was strcpy'ed into 'line'
        which just had 32 bytes on the stack.

        * src/uucpd.c (dologout): Increase 'line' array in size.  Use
        exisiting macro SCPYN instead of strncpy.

2020-02-29  Tim Rühsen <address@hidden>

        uucpd: Fix heap buffer overflow.

        Usernames >= 56 bytes would overflow the char arrays Username and
        Logname.  This change mitigates this, but still silently truncates
        these arrays.  Silent truncation should be checked throughout the
        code possibly within a more comprehensive code review.

        * src/uucpd.c: Increase Username and Logname to 72 bytes.
        (doit): Use snprintf instead of sprintf.

2020-02-29  Tim Rühsen <address@hidden>

        telnet: Use strdup instead malloc+strcpy.

        * telnet/commands.c (tn): Use strdup instead malloc+strcpy.

2020-02-29  Tim Rühsen <address@hidden>

        telnet: Fix -Wsign-compare in suboption.

        * telnet/telnet.c (suboption): Explicit cast to int to silence
        -Wsign-compare.

2020-02-29  Tim Rühsen <address@hidden>

        telnetd: Silence -Wimplicit-fallthrough.

        * telnetd/state.c (willoption): Use /* FALLTHROUGH */ to indicate
        fallthrough.

2020-02-29  Tim Rühsen <address@hidden>

        telnetd: Silence unused warning for getterminaltype.

        * telnetd/utility.c (getterminaltype): Silence warning.

2020-02-29  Tim Rühsen <address@hidden>

        ftp: Silence -Wimplicit-fallthrough warning.

        * ftp/domacro.c (domacro): Use /* FALLTHROUGH */ to indicate
        fallthrough.

2020-02-29  Tim Rühsen <address@hidden>

        ftp: Silence -Wimplicit-fallthrough.

        * ftp/cmds.c (domap): Use /* FALLTHROUGH */ to indicate
        fallthrough.

2020-02-29  Tim Rühsen <address@hidden>

        ftp: Fix multipliers for M(ega) and G(iga).

        This is *not* a fix as the git comment accidentally states.  It is
        to silence -Wimplicit-fallthrough and to avoid multiple
        multiplications in case of a non-optimized build.  The 'hashbytes'
        type needs to be reviewed later as g/G only allows digits 1 and 2
        without integer overflow, which is undefined behavior.

        * ftp/cmds.c (sethash): Remove cascaded multiplications.

2020-02-29  Tim Rühsen <address@hidden>

        ftp: Fix return value of remglob.

        * ftp/cmds.c (remglob): Turn around NULL check.

2020-02-29  Tim Rühsen <address@hidden>

        ftp: Fix strncpy misuse (leading to buffer overflow).

        * ftp/ftp.c (hookup): Terminate string after strncpy.

2020-02-29  Tim Rühsen <address@hidden>

        ftp: Fix 2x misuse of strncpy (read buffer overflow).

        * ftp/ftp.c (pswitch): Correctly set the terminating 0.

2020-02-29  Tim Rühsen <address@hidden>

        talk: Fix uninitialized variable 'nready'.

        * talk/ctl_transact.c (ctl_transact): Initialize nready to 0.

2020-02-29  Tim Rühsen <address@hidden>

        whois: Silence -Wimplicit-fallthrough.

        * whois/whois.c (main): Use /* FALLTHROUGH */ to indicate
        fallthrough.

2020-02-29  Tim Rühsen <address@hidden>

        ping, ping6: Silence -Wimplicit-fallthrough.

        The comment /* FALLTHROUGH */ is well-known by several C/C++
        compilers to indicate an explicit fallthrough.  An alternative is
        the gcc attribute 'fallthrough' which is less compatible and thus
        not chosen here.

        * ping/ping.c (parse_opt): Use /* FALLTHROUGH */ to indicate
        fallthrough.
        * ping/ping6.c (parse_opt): Likewise.

2020-02-17  Tim Rühsen <address@hidden>

        ping6: Fix memleak in ping_set_dest.

        * ping/ping6.c (ping_set_dest): Add 'const' to param 'host'.
        Rerrange code to avoid memory leak.
        * ping/ping6.h (ping_set_dest): Add 'const' to param 'host'.

2020-02-17  Tim Rühsen <address@hidden>

        ping: Fix memleak in ping_set_dest.

        * ping/libping.c (ping_set_dest): Add 'const' to param 'host'.
        Rerrange code to avoid memory leak.
        * ping/ping.h (ping_set_dest): Add 'const' to param 'host'.

2020-02-16  Tim Rühsen <address@hidden>

        libls: Remove unused variable kflag.

        * libls/ls.c (ls_main): Remove unused variable 'kflag'.

2020-02-16  Tim Rühsen <address@hidden>

        ftpd: Fix multiple definition of 'errcatch' (gcc 10).

        * ftpd/extern.h: Remove 'extern' from 'errcatch'.

2020-02-16  Tim Rühsen <address@hidden>

        telnetd: Fix multiple definition of 'not42' (gcc 10).

        * telnetd/utility.c: Remove 'extern' from 'not42'.

2020-02-16  Tim Rühsen <address@hidden>

        * src/rcp.c (tolocal): Remove unused variable 'len'.

2020-02-16  Tim Rühsen <address@hidden>

        telnet: Fix silent truncation (off-by-one check)

        If the DISPLAY variable had exactly 44 bytes, the SE byte (end sub
        negotiation) was silently truncated.

        * telnet/telnet.c (suboption): Use >= instead of >.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]