[Bug 270263] telnet buffer overflow if server sends long TELQUAL_NAME for sra

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 270263] telnet buffer overflow if server sends long TELQUAL_NAME for sra"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 14 Apr 2025 22:41:55 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270263

John Baldwin <jhb@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |In Progress
                 CC|                            |emaste@freebsd.org
           Assignee|bugs@FreeBSD.org            |jhb@FreeBSD.org

--- Comment #2 from John Baldwin <jhb@FreeBSD.org> ---
I tested two fixes, in the first, I kept uprompt[] the same size and just
aborted if the prompt size was too long.  In the second case, I added 10 chars
to uprompt so that the prompt fits.  Output from the cases below:

First:

$ telnet localhost
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.

Second:

$ telnet localhost
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
User
(011111101111110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001111100): 
000000Connection closed by foreign host.
$

-- 
You are receiving this mail because:
You are the assignee for the bug.