Hi all,
On Mon, Aug 26, 2024 at 08:14:17PM +0200, Erik Auerswald wrote:
> On Sun, Aug 25, 2024 at 04:37:26PM +0200, Simon Josefsson wrote:
> > Erik Auerswald writes:
> > > On Fri, Aug 23, 2024 at 10:56:30PM -0700, Collin Funk wrote:
> > >>
> > >> I've pushed the attached patch removing an intege
Hi Erik,
Erik Auerswald writes:
>> > Thanks! Should this be added to NEWS?
>>
>> Thanks Collin, and yes please :)
>
> How about the following?
Looks good to me.
You might want to mention that it could cause out-of-bounds memory
access. I wasn't able to cause the SIGSEGV you saw on Fedora 40
Hi,
On Sun, Aug 25, 2024 at 04:37:26PM +0200, Simon Josefsson wrote:
> Erik Auerswald writes:
> > On Fri, Aug 23, 2024 at 10:56:30PM -0700, Collin Funk wrote:
> >>
> >> I've pushed the attached patch removing an integer overflow from telnet.
> >
> > Thanks! Should this be added to NEWS?
>
> Th
Hi all,
On Fri, Aug 23, 2024 at 10:56:30PM -0700, Collin Funk wrote:
> I've pushed the attached patch removing an integer overflow from telnet.
>
> The overflow occurs when sending 'send dont ' but the value
> exceeds INT_MAX.
I was curious if the original integer overflow possibility could lea
Erik Auerswald writes:
> https://github.com/openbsd/src/blob/master/usr.bin/telnet/commands.c
>
> The 'Sendlist[]' there also has no 'help' string for 'dont' and similar
> commands. The 'send_help()' function also omits commands without a
> 'help' string.
>
> This code also seems to have the sam
Hi Simon,
Simon Josefsson writes:
> I don't know the history -- but (sounding like a broken record by now)
> did anyone check *BSD telnet behaviour? I'm not a fan of intentionally
> not documenting supported commands, so +1 on any patch to document
> this from me, regardless of what *BSD teln
Hi,
On Sun, Aug 25, 2024 at 04:37:26PM +0200, Simon Josefsson wrote:
> Erik Auerswald writes:
> > On Fri, Aug 23, 2024 at 10:56:30PM -0700, Collin Funk wrote:
> >> [...]
> >> The overflow occurs when sending 'send dont ' but the value
> >> exceeds INT_MAX.
> >
> > 'send dont ' is a "hidden" comma
Erik Auerswald writes:
> Hi,
>
> On Fri, Aug 23, 2024 at 10:56:30PM -0700, Collin Funk wrote:
>>
>> I've pushed the attached patch removing an integer overflow from telnet.
>
> Thanks! Should this be added to NEWS?
Thanks Collin, and yes please :)
>> The overflow occurs when sending 'send don
Hi,
On Fri, Aug 23, 2024 at 10:56:30PM -0700, Collin Funk wrote:
>
> I've pushed the attached patch removing an integer overflow from telnet.
Thanks! Should this be added to NEWS?
> The overflow occurs when sending 'send dont ' but the value
> exceeds INT_MAX.
'send dont ' is a "hidden" comma
: Fri, 23 Aug 2024 22:48:30 -0700
Subject: [PATCH] telnet: Handle integer overflow gracefully.
* bootstrap.conf (gnulib_modules): Add inttypes and xstrtoimax.
* telnet/commands.c (send_tncmd): Don't allow the integer argument to
'send dont' to overflow.
---
b