[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: telnet: Handle integer overflow gracefully.
|
From: |
Simon Josefsson |
|
Subject: |
Re: telnet: Handle integer overflow gracefully. |
|
Date: |
Sun, 25 Aug 2024 16:37:26 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) |
Erik Auerswald <auerswal@unix-ag.uni-kl.de> writes:
> Hi,
>
> On Fri, Aug 23, 2024 at 10:56:30PM -0700, Collin Funk wrote:
>>
>> I've pushed the attached patch removing an integer overflow from telnet.
>
> Thanks! Should this be added to NEWS?
Thanks Collin, and yes please :)
>> The overflow occurs went sending 'send dont <value>' but the value
>> exceeds INT_MAX.
>
> 'send dont <value>' is a "hidden" command, i.e., it is not shown in the
> output of 'send ?', because the 'help' string is NULL (see the definition
> of Sendlist[] in telnet/commands.c). Does someone know the reason to
> hide this command (and similar ones) from the online help?
I don't know the history -- but (sounding like a broken record by now)
did anyone check *BSD telnet behaviour? I'm not a fan of intentionally
not documentating supported commands, so +1 on any patch to document
this from me, regardless of what *BSD telnet does.
/Simon
signature.asc
Description: PGP signature
Re: telnet: Handle integer overflow gracefully., Erik Auerswald, 2024/08/26