[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#264846: telnet: Buffer Overrun by unchecked environment variables

On Thu, Aug 12, 2004 at 10:04:52AM +0200, Bernhard R. Link wrote:
> I may be utterly confused, but that patch does look quite strange.
> It may make it near to impossible to introduce code, but only reduces 
> the problem: strncpy will not '\0'-terminate the string, so that the
> following "/.telnetrc" will be written to some random position.
> and even if there was some termination, 127 chars plus 10 chars
> for "/.telnetrc" is still more than the reserved 128. (thus when
> having $HOME 116 to 126 chars one could even control where the
> /.telnetrc letters get to).

That patch is wrong.  Please direct your comments at the patch for dynamic
allocation I just sent instead.

Robert Millan

(Debra and Ian) (Gnu's Not (UNiplexed Information and Computing System))/\
(kernel of *(Berkeley Software Distribution))

Reply to: