I re-formatted it and slightly edited it. Mats, could you throw an eye too?
2020-02-29  Tim Rühsen  <tim.rueh...@gmx.de>

	uucpd: Fix buffer overflows.
	This fixes several missing string termination issues with strncpy.
	Also 'remotehost' with size NI_MAXHOST was strcpy'ed into 'line'
	which just had 32 bytes on the stack.
	* src/uucpd.c (dologout): Increase 'line' array in size.
	Use existing macro SCPYN instead of strncpy.

2020-02-29  Tim Rühsen  <tim.rueh...@gmx.de>

	uucpd: Fix heap buffer overflow.
	Usernames >= 56 bytes would overflow the char arrays Username
	and Logname. This change mitigates this, but still silently
	truncates these arrays. Silent truncation should be checked
	throughout the code possibly within a more comprehensive code
	review.
	* src/uucpd.c: Increase Username and Logname to 72 bytes.
	(doit): Use snprintf instead of sprintf.

2020-02-29  Tim Rühsen  <tim.rueh...@gmx.de>

	telnet: Use strdup instead of malloc+strcpy.
	* telnet/commands.c (tn): Use strdup instead of malloc+strcpy.

2020-02-29  Tim Rühsen  <tim.rueh...@gmx.de>

	telnet: Fix -Wsign-compare in suboption.
	* telnet/telnet.c (suboption): Explicit cast to int to silence
	-Wsign-compare.

2020-02-29  Tim Rühsen  <tim.rueh...@gmx.de>

	telnetd: Silence -Wimplicit-fallthrough.
	* telnetd/state.c (willoption): Use /* FALLTHROUGH */ to indicate
	fallthrough.

2020-02-29  Tim Rühsen  <tim.rueh...@gmx.de>

	telnetd: Silence unused warning for getterminaltype.
	* telnetd/utility.c (getterminaltype): Silence warning.

2020-02-29  Tim Rühsen  <tim.rueh...@gmx.de>

	ftp: Silence -Wimplicit-fallthrough warning.
	* ftp/domacro.c (domacro): Use /* FALLTHROUGH */ to indicate
	fallthrough.

2020-02-29  Tim Rühsen  <tim.rueh...@gmx.de>

	ftp: Silence -Wimplicit-fallthrough.
	* ftp/cmds.c (domap): Use /* FALLTHROUGH */ to indicate
	fallthrough.

2020-02-29  Tim Rühsen  <tim.rueh...@gmx.de>

	ftp: Fix multipliers for M(ega) and G(iga).
	This is *not* a fix as the git comment accidentally states.
	It is to silence -Wimplicit-fallthrough and to avoid multiple
	multiplications in case of a non-optimized build.
	The 'hashbytes' type needs to be reviewed later as g/G only
	allows digits 1 and 2 without integer overflow, which is
	undefined behavior.
	* ftp/cmds.c (sethash): Remove cascaded multiplications.

2020-02-29  Tim Rühsen  <tim.rueh...@gmx.de>

	ftp: Fix return value of remglob.
	* ftp/cmds.c (remglob): Turn around NULL check.

2020-02-29  Tim Rühsen  <tim.rueh...@gmx.de>

	ftp: Fix strncpy misuse (leading to buffer overflow).
	* ftp/ftp.c (hookup): Terminate string after strncpy.

2020-02-29  Tim Rühsen  <tim.rueh...@gmx.de>

	ftp: Fix 2x misuse of strncpy (read buffer overflow).
	* ftp/ftp.c (pswitch): Correctly set the terminating 0.

2020-02-29  Tim Rühsen  <tim.rueh...@gmx.de>

	talk: Fix uninitialized variable 'nready'.
	* talk/ctl_transact.c (ctl_transact): Initialize nready to 0.

2020-02-29  Tim Rühsen  <tim.rueh...@gmx.de>

	whois: Silence -Wimplicit-fallthrough.
	* whois/whois.c (main): Use /* FALLTHROUGH */ to indicate
	fallthrough.

2020-02-29  Tim Rühsen  <tim.rueh...@gmx.de>

	ping, ping6: Silence -Wimplicit-fallthrough.
	The comment /* FALLTHROUGH */ is well-known by several C/C++
	compilers to indicate an explicit fallthrough. An alternative
	is the gcc attribute 'fallthrough' which is less compatible
	and thus not chosen here.
	* ping/ping.c (parse_opt): Use /* FALLTHROUGH */ to indicate
	fallthrough.
	* ping/ping6.c (parse_opt): Likewise.

2020-02-17  Tim Rühsen  <tim.rueh...@gmx.de>

	ping6: Fix memleak in ping_set_dest.
	* ping/ping6.c (ping_set_dest): Add 'const' to param 'host'.
	Rearrange code to avoid memory leak.
	* ping/ping6.h (ping_set_dest): Add 'const' to param 'host'.

2020-02-17  Tim Rühsen  <tim.rueh...@gmx.de>

	ping: Fix memleak in ping_set_dest.
	* ping/libping.c (ping_set_dest): Add 'const' to param 'host'.
	Rearrange code to avoid memory leak.
	* ping/ping.h (ping_set_dest): Add 'const' to param 'host'.

2020-02-16  Tim Rühsen  <tim.rueh...@gmx.de>

	libls: Remove unused variable kflag.
	* libls/ls.c (ls_main): Remove unused variable 'kflag'.

2020-02-16  Tim Rühsen  <tim.rueh...@gmx.de>

	ftpd: Fix multiple definition of 'errcatch' (gcc 10).
	* ftpd/extern.h: Remove 'extern' from 'errcatch'.

2020-02-16  Tim Rühsen  <tim.rueh...@gmx.de>

	telnetd: Fix multiple definition of 'not42' (gcc 10).
	* telnetd/utility.c: Remove 'extern' from 'not42'.

2020-02-16  Tim Rühsen  <tim.rueh...@gmx.de>

	* src/rcp.c (tolocal): Remove unused variable 'len'.

2020-02-16  Tim Rühsen  <tim.rueh...@gmx.de>

	telnet: Fix silent truncation (off-by-one check)
	If the DISPLAY variable had exactly 44 bytes, the SE byte (end
	sub negotiation) was silently truncated.
	* telnet/telnet.c (suboption): Use >= instead of >.
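
Two defect classes recur in the entries above: strncpy leaving a buffer without its terminating NUL, and a bound check written with > where >= is needed. The following is an added example, not code from the message or from the sources it changes; the 8-byte buffer, the sample strings and the helper copy_checked are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 when strncpy(dst, src, n) left dst without a terminating NUL,
   which happens whenever src holds n or more bytes. */
int unterminated_after_strncpy(char *dst, size_t n, const char *src)
{
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) == NULL;
}

/* Hypothetical helper: bounded copy that always terminates dst and
   reports truncation to the caller instead of hiding it.
   Returns 0 if src fit, -1 if it was cut short (or n is 0). */
int copy_checked(char *dst, size_t n, const char *src)
{
    size_t len = strlen(src);

    if (n == 0)
        return -1;
    if (len >= n) {               /* >= and not >: the NUL needs a byte too */
        memcpy(dst, src, n - 1);
        dst[n - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);    /* copies the terminator as well */
    return 0;
}

int main(void)
{
    char buf[8];                       /* constructed size, not a real buffer */
    const char *exact = "12345678";    /* constructed: exactly sizeof buf bytes */
    int rc;

    printf("strncpy left buf unterminated: %d\n",
           unterminated_after_strncpy(buf, sizeof buf, exact));
    rc = copy_checked(buf, sizeof buf, exact);
    printf("copy_checked rc=%d buf=\"%s\"\n", rc, buf);
    rc = copy_checked(buf, sizeof buf, "short");
    printf("copy_checked rc=%d buf=\"%s\"\n", rc, buf);
    return 0;
}
```

A caller that treats the -1 return as an error gets the truncation check the second uucpd entry asks for, rather than a silently shortened name.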