Bugtraq mailing list archives
Re: FreeBSD Security Advisory: FreeBSD-SA-00:69.telnetd
From: Christos Zoulas <christos () ZOULAS COM>
Date: Wed, 15 Nov 2000 17:55:27 -0500
On Nov 14, 2:30pm, security-advisories () FREEBSD ORG (FreeBSD Security Advisories) wrote: -- Subject: FreeBSD Security Advisory: FreeBSD-SA-00:69.telnetd The code below is incorrect at least on the version of telnetd I am looking at. A few lines above the uni-diff "line" is declared to be "extern char *" thus sizeof(line) will return sizeof(char *), which is not what is clearly wrong. Also the patch is missing a few more possible buffer overflows that may or may not be significant. christos | --- telnetd.c 2000/01/25 14:52:00 1.22 | +++ telnetd.c 2000/10/31 05:29:54 1.23 | @@ -811,7 +811,7 @@ | fatal(net, "Out of ptys"); | | if ((pty = open(lp, 2)) >= 0) { | - strcpy(line,lp); | + strlcpy(line,lp,sizeof(line)); | line[5] = 't'; | break; | }
Current thread:
- FreeBSD Security Advisory: FreeBSD-SA-00:69.telnetd FreeBSD Security Advisories (Nov 16)
- Re: FreeBSD Security Advisory: FreeBSD-SA-00:69.telnetd Christos Zoulas (Nov 17)