Re: Bug#264846: telnet: Buffer Overrun by unchecked environment variables

To: Josh Martin <jmartin@columbiaservices.net>, 264846@bugs.debian.org, debian-security@lists.debian.org
Subject: Re: Bug#264846: telnet: Buffer Overrun by unchecked environment variables
From: Robert Millan <rmh@debian.org>
Date: Thu, 12 Aug 2004 11:08:55 +0200
Message-id: <[🔎] 20040812090855.GA25495@khazad.dyndns.org>
In-reply-to: <[🔎] 20040812080452.GA32347@pcpool00.mathematik.uni-freiburg.de>
References: <200408101012.06248.jmartin@columbiaservices.net> <[🔎] 20040812080452.GA32347@pcpool00.mathematik.uni-freiburg.de>

On Thu, Aug 12, 2004 at 10:04:52AM +0200, Bernhard R. Link wrote:
> 
> I may be utterly confused, but that patch does look quite strange.
> It may make it near to impossible to introduce code, but only reduces 
> the problem: strncpy will not '\0'-terminate the string, so that the
> following "/.telnetrc" will be written to some random position.
> and even if there was some termination, 127 chars plus 10 chars
> for "/.telnetrc" is still more than the reserved 128. (thus when
> having $HOME 116 to 126 chars one could even control where the
> /.telnetrc letters get to).

That patch is wrong.  Please direct your comments at the patch for dynamic
allocation I just sent instead.

-- 
Robert Millan

(Debra and Ian) (Gnu's Not (UNiplexed Information and Computing System))/\
(kernel of *(Berkeley Software Distribution))

Reply to:

References:
- Re: telnet: Buffer Overrun by unchecked environment variables
  - From: "Bernhard R. Link" <brl@pcpool00.mathematik.uni-freiburg.de>

Prev by Date: Re: telnet: Buffer Overrun by unchecked environment variables
Next by Date: [OT] Is calculating an MD5 hash of a Rjindael encrypted block and it's key insecure?
Previous by thread: Re: telnet: Buffer Overrun by unchecked environment variables
Next by thread: [OT] Is calculating an MD5 hash of a Rjindael encrypted block and it's key insecure?
Index(es):
- Date
- Thread