Synopsis: telnetd(8) options overflow
NetBSD versions: 1.3, 1.4, 1.4.1, 1.4.2, 1.4.3, 1.5, 1.5.1, -current
Thanks to: David Maxwell
Reported in NetBSD Security Advisory: NetBSD-SA2001-012

*** telnetd.c.orig      Thu Jul 19 17:03:57 2001
--- telnetd.c   Thu Jul 19 17:04:10 2001
*************** recv_ayt()
*** 1697,1704 ****
               return;
       }
 #endif
!       (void) strcpy(nfrontp, "\r\n[Yes]\r\n");
!       nfrontp += 9;
 }

       void
--- 1697,1711 ----
               return;
       }
 #endif
!       /* Flush outstanding data if possible. If not, and buffers are
!          full, break protocol and send no reply, rather than overflow
!          the buffer.
!        */
!       netflush();
!       if ( (BUFSIZ - (nfrontp - netobuf)) > 9 ) {
!               (void) strcpy(nfrontp, "\r\n[Yes]\r\n");
!               nfrontp += 9;
!       }
 }

       void

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.