bug-inetutils

Re: telnet: Handle integer overflow gracefully.


From: Erik Auerswald
Subject: Re: telnet: Handle integer overflow gracefully.
Date: Sun, 25 Aug 2024 18:23:44 +0200

Hi,

On Sun, Aug 25, 2024 at 04:37:26PM +0200, Simon Josefsson wrote:
> Erik Auerswald <auerswal@unix-ag.uni-kl.de> writes:
> > On Fri, Aug 23, 2024 at 10:56:30PM -0700, Collin Funk wrote:
> >> [...]
> >> The overflow occurs when sending 'send dont <value>' but the value
> >> exceeds INT_MAX.
> >
> > 'send dont <value>' is a "hidden" command, i.e., it is not shown in the
> > output of 'send ?', because the 'help' string is NULL (see the definition
> > of Sendlist[] in telnet/commands.c).  Does someone know the reason to
> > hide this command (and similar ones) from the online help?
> 
> I don't know the history -- but (sounding like a broken record by now)
> did anyone check *BSD telnet behaviour?  I'm not a fan of intentionally
> not documenting supported commands, so +1 on any patch to document
> this from me, regardless of what *BSD telnet does.

I do not have any *BSD to check on available, and I always forget how
to find their source code.  But I have found something that might be
relevant Telnet client code for OpenBSD:

https://github.com/openbsd/src/blob/master/usr.bin/telnet/commands.c

The 'Sendlist[]' there also has no 'help' string for 'dont' and similar
commands.  The 'send_help()' function also omits commands without a
'help' string.

This code also seems to have the same integer overflow as fixed by
Collin's patch, it at least looks similar to our previous version.

Br,
Erik


