DragonFly BSD
DragonFly bugs List (threaded) for 2005-03
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

telnet coredumping - telnet.c merge breakage?


From: Andrew Atrens <atrens@xxxxxxxxxxxxxxxxxx>
Date: Thu, 31 Mar 2005 08:55:09 -0500

Folks,

telnet started coredumping on me today...

Not sure how long this has been there but I found the following
lurking in telnet.c. I #if 0 it out (as below) the coredumping stops.
Not 100% of the correct fix. But the calculation of 'len' in the
removed case is guaranteed to be negative. Later on this number is
used to size a memcpy() which of course blows up. :)

Andrew.


# diff -u telnet.c.old telnet.c
--- telnet.c.old        2005-03-28 13:03:33.000000000 -0500
+++ telnet.c    2005-03-31 08:49:17.000000000 -0500
@@ -1478,7 +1478,9 @@
        len = opt_replyp - opt_reply + 2;
        if (opt_replyp + 2 > opt_replyend)
                return;
+#if 0
        len = opt_replyp + 2 - opt_replyend;
+#endif
        if (emptyok || len > 6) {
                *opt_replyp++ = IAC;
                *opt_replyp++ = SE;




[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]