telnet coredumping - telnet.c merge breakage?
Andrew Atrens
atrens at nortelnetworks.com
Thu Mar 31 05:55:09 PST 2005

Folks,
telnet started coredumping on me today...
Not sure how long this has been there but I found the following
lurking in telnet.c. If I #if 0 it out (as below), the coredumping stops.
Not 100% sure of the correct fix. But the calculation of 'len' in the
removed case is guaranteed to be negative. Later on this number is
used to size a memcpy() which of course blows up. :)
Andrew.
# diff -u telnet.c.old telnet.c
--- telnet.c.old        2005-03-28 13:03:33.000000000 -0500
+++ telnet.c    2005-03-31 08:49:17.000000000 -0500
@@ -1478,7 +1478,9 @@
        len = opt_replyp - opt_reply + 2;
        if (opt_replyp + 2 > opt_replyend)
                return;
+#if 0
        len = opt_replyp + 2 - opt_replyend;
+#endif
        if (emptyok || len > 6) {
                *opt_replyp++ = IAC;
                *opt_replyp++ = SE;
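
Review bot: The `#if 0` / `#endif` pair around `len = opt_replyp + 2 - opt_replyend;` leaves a dead assignment in the file; if the line is wrong it should be deleted rather than disabled. The assignment sits directly after `if (opt_replyp + 2 > opt_replyend) return;`, so whenever it is reached opt_replyp + 2 is at most opt_replyend and the result is zero or negative, never a usable length, and it overwrites the `len = opt_replyp - opt_reply + 2;` computed three lines earlier. With the line gone, the `len > 6` test that follows sees that first value. The memcpy() mentioned in the message is outside this hunk, so before committing it is worth checking that the first `len` is the size that copy expects and that the destination is bounded against it.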