Subject: bin/12004: telnet and tn3270 have buffer overflow
To: None <gnats-bugs@gnats.netbsd.org>
From: Jeremy C. Reed <reed@reedmedia.net>
List: netbsd-bugs
Date: 01/19/2001 17:39:20
>Number: 12004
>Category: bin
>Synopsis: tn3270 and telnet get Seg Fault when argument is long
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Jan 19 17:42:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: Jeremy C. Reed
>Release: 1.5.1_ALPHA
>Organization:
>Environment:
System: NetBSD rainier 1.5.1_ALPHA NetBSD 1.5.1_ALPHA (JCR-1.5-20010108) #0: Mon Jan 8 09:25:45 PST 2001 reed@rainier:/usr/src/sys/arch/i386/compile/JCR-1.5-20010108 i386
>Description:
telnet and tn3270 get a segmentation fault from a bad strcpy in
telnet/commands.c.
For further details look at:
http://mail-index.netbsd.org/current-users/2001/01/18/0062.html
http://mail-index.netbsd.org/current-users/2001/01/19/0007.html
>How-To-Repeat:
Use a 99999-character command line argument.
>Fix:
I guess it should check if hostp is too long and then give a
friendly error.
Problem I believe is on line 2434.
Or something like:
(void) strncpy(_hostname, hostp, sizeof(_hostname));
>Release-Note:
>Audit-Trail:
>Unformatted: