Fix buffer overflows in the telnet client

2026-01-12 00:19:39 +08:00 · 2009-12-28 00:45:49 +01:00
parent ef77ea4de5
commit 21584f8eef
4 changed files with 21 additions and 11 deletions
--- a/8
+++ b/8
@@ -1,3 +1,11 @@
+2009-12-28  Giuseppe Scrivano  <gscrivano@gnu.org>
+	Reported by: Zhitong Wangzt <zhitong.wangzt@alibaba-inc.com>
+
+	* bootstrap.conf (gnulib_modules): Add `xvasprintf'.
+	* telnet/commands.c (cmdrc): Alloc `rcname' dinamically.
+	(m1save): Remove.
+	(rcbuf): Remove.
+
 2009-12-19  Alfred M. Szmidt  <ams@gnu.org>

 	* configure.ac: Bump version number to 1.7.90.
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -78,6 +78,7 @@ xgetcwd
 xgetdomainname
 xgethostname
 xsize
+xvasprintf
 "

 # Read local configuration file
--- a/lib/.gitignore
+++ b/lib/.gitignore
@@ -18,6 +18,7 @@ argp-version-etc.h
 argp-xinl.c
 argp.h
 asnprintf.c
+asprintf.c
 at-func.c
 basename-lgpl.c
 basename.c
@@ -225,6 +226,7 @@ unlinkat.c
 unlocked-io.h
 vasnprintf.c
 vasnprintf.h
+vasprintf.c
 verify.h
 version-etc-fsf.c
 version-etc.c
@@ -238,6 +240,7 @@ wctype.h
 wctype.in.h
 xalloc-die.c
 xalloc.h
+xasprintf.c
 xgetcwd.c
 xgetcwd.h
 xgetdomainname.c
@@ -248,3 +251,5 @@ xmalloc.c
 xsize.h
 xstrndup.c
 xstrndup.h
+xvasprintf.c
+xvasprintf.h
--- a/telnet/commands.c
+++ b/telnet/commands.c
@@ -97,6 +97,9 @@
 #include "defines.h"
 #include "types.h"

+#include "xalloc.h"
+#include "xvasprintf.h"
+
 #if !defined(CRAY) && !defined(sysV88)
 # ifdef HAVE_NETINET_IN_SYSTM_H
 #  include <netinet/in_systm.h>
@@ -3008,7 +3011,6 @@ help (int argc, char *argv[])
 }

 static char *rcname = 0;
-static char rcbuf[128];

 static void
 cmdrc (char *m1, char *m2)
@@ -3018,23 +3020,17 @@ cmdrc (char *m1, char *m2)
  int gotmachine = 0;
  int l1 = strlen (m1);
  int l2 = strlen (m2);
-  char m1save[64];

  if (skiprc)
    return;

-  strcpy (m1save, m1);
-  m1 = m1save;
-
  if (rcname == 0)
    {
-      rcname = getenv ("HOME");
-      if (rcname)
-	strcpy (rcbuf, rcname);
+      const char *home = getenv ("HOME");
+      if (home)
+        rcname = xasprintf ("%s/.telnetrc", home);
      else
-	rcbuf[0] = '\0';
-      strcat (rcbuf, "/.telnetrc");
-      rcname = rcbuf;
+        rcname = xstrdup ("/.telnetrc");
    }

  if ((rcfile = fopen (rcname, "r")) == 0)