]> git.ipfire.org Git - ipfire-3.x.git/blob - telnet/patches/022-buffer_overflow_by_HOME.diff
projects / ipfire-3.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
json-c: Update to version 0.17-20230812
[ipfire-3.x.git] / telnet / patches / 022-buffer_overflow_by_HOME.diff
1 Description: Fix buffer overflow when $HOME is large.
2 Very long values of $HOME will extend beyond fixed rcbuf[128].
3 In its stead, use dynamic allocation.
4
5 Author: Josh Martin
6 Bug-Debian: http://bugs.debian.org/264846
7 Comment: Introduced in netkit-telnet_0.17-25.
8 Forwarded: no
9 Last-Update: 2004-08-13
10
11 --- netkit-telnet-0.17.orig/telnet/commands.cc
12 +++ netkit-telnet-0.17/telnet/commands.cc
13 @@ -2139,22 +2139,18 @@
14 }
15
16 void cmdrc(const char *m1, const char *m2, const char *port) {
17 - static char *rcname = 0;
18 - static char rcbuf[128];
19 + char *rcname = NULL;
20
21 if (skiprc) return;
22
23 readrc(m1, m2, port, "/etc/telnetrc");
24 - if (rcname == 0) {
25 - rcname = getenv("HOME");
26 - if (rcname)
27 - strcpy(rcbuf, rcname);
28 - else
29 - rcbuf[0] = '\0';
30 - strcat(rcbuf, "/.telnetrc");
31 - rcname = rcbuf;
32 - }
33 + if (asprintf (&rcname, "%s/.telnetrc", getenv ("HOME")) == -1)
34 + {
35 + perror ("asprintf");
36 + return;
37 + }
38 readrc(m1, m2, port, rcname);
39 + free (rcname);
40 }
41
42 #if defined(IP_OPTIONS) && defined(HAS_IPPROTO_IP)
IPFire 3.x development tree