Re: [bug-inetutils] telnetd bug: Buffer overflow when linked against GNU

bug-inetutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-inetutils] telnetd bug: Buffer overflow when linked against GNU

From:	Simon Josefsson
Subject:	Re: [bug-inetutils] telnetd bug: Buffer overflow when linked against GNU termcap
Date:	Fri, 24 Aug 2012 09:11:06 +0200
User-agent:	Gnus/5.130006 (Ma Gnus v0.6) Emacs/23.3 (gnu/linux)

Petr Malát <address@hidden> writes:

> Hi,
> I found a problem in terminaltypeok() function, which calls tgetent()
> with 1kB buffer. This is fine, if telnetd is linked against ncurses,
> but if it is linked against GNU termcap, there is a buffer overflow
> for xterm (and maybe other) terminal type, which requires 2030 bytes
> and telnetd crashes. Documentation of GNU termcap proposes making this
> buffer 2kB (see
> http://www.gnu.org/software/termutils/manual/termcap-1.3/html_mono/termcap.html#SEC4).

Sigh, this is really poor design!  I have applied the patch.

> I hope this is my last telnet issue :-)

Me too, but improvements are always appreciated anyway! :-)

Btw, if you want to send more patches, I think you have to start the
copyright assignment process with the FSF.  Let me know offlist and I'll
send you the right form.

/Simon

[Prev in Thread]

Current Thread

[Next in Thread]

[bug-inetutils] telnetd bug: Buffer overflow when linked against GNU termcap, Petr Malát, 2012/08/23
- Re: [bug-inetutils] telnetd bug: Buffer overflow when linked against GNU termcap, Simon Josefsson <=

Prev by Date: Re: [bug-inetutils] telnetd bug: Busy loop in io_drain can be abused for DOS attack
Next by Date: [bug-inetutils] TFTP client fails with fortified source.
Previous by thread: [bug-inetutils] telnetd bug: Buffer overflow when linked against GNU termcap
Next by thread: [bug-inetutils] TFTP client fails with fortified source.
Index(es):
- Date
- Thread