Hi,

Earlier this week I committed this change in GNU Inetutils [1]. When
sending the 'send dont <value>' telnet command, the value is not checked
for overflow. Likewise for 'do', 'will', 'wont'.

Another GNU Inetutils developer segfaults doing 'send dont 2147483648'
and 'send dont 9223372034707292160' but I cannot reproduce it.

Here is a rough patch I wrote to usr.bin/telnet/commands.c that should
fix it. I don't have an OpenBSD machine at the moment so I can't compile
and test it. Sorry about that.

--- commands.c 2024-08-25 19:21:24.316731997 -0700
+++ commands-fixed.c 2024-08-25 19:27:17.500422616 -0700
@@ -358,7 +358,7 @@
{
char **cpp;
extern char *telopts[];
- int val = 0;
+ long int val = 0;
if (isprefix(name, "help") || isprefix(name, "?")) {
int col, len;
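
Review bot: widening `val` to `long int` at the declaration does not bound it. Where long is 32 bits the change has no effect, and where long is 64 bits it enlarges the set of values that parse successfully, so whatever consumes `val` later in the function can now receive numbers outside the int range. Consider keeping `int val` and parsing into a separate local long that is range-checked before it is assigned to `val`.
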
@@ -389,14 +389,12 @@
if (cpp) {
val = cpp - telopts;
} else {
- char *cp = name;
+ char *cp = NULL;
- while (*cp >= '0' && *cp <= '9') {
- val *= 10;
- val += *cp - '0';
- cp++;
- }
- if (*cp != 0) {
+ errno = 0;
+ val = strtol(name, &cp, 10);
+
+ if (*cp != 0 || errno != 0) {
fprintf(stderr, "'%s': unknown argument ('send %s ?' for
help).\r\n",
name, cmd);
return 0;
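
Review bot: the test `*cp != 0 || errno != 0` only rejects input that overflows long, so where long is 64 bits both reported values, 2147483648 and 9223372034707292160, still parse without error and reach the code that uses `val`. strtol also skips leading whitespace and accepts a sign, which the removed digit loop rejected, so an argument such as "-1" now passes. Add an explicit lower and upper bound check on `val` to this condition, and confirm that commands.c includes <errno.h>, since the patch adds no include. The fprintf format string is wrapped across two lines in the mail, which will keep the hunk from applying as sent.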

Collin

[1] https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=a6d9848a32fafa763548e54b44cb094abdac915d
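
A bounded parse of the numeric argument discussed in this message, as an added example that is not part of the original mail or of either telnet code base. The helper name `parse_option_code` is hypothetical, and the 0..255 limit is an assumption based on telnet option codes being a single octet.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper, not taken from commands.c.
 * Parses a decimal telnet option code.
 * Returns the code (0..255) or -1 if the input is not acceptable. */
int parse_option_code(const char *s)
{
    char *end = NULL;
    long v;

    /* strtol() skips leading whitespace and accepts '+' or '-'.
     * Requiring a leading digit keeps the strictness of a plain
     * digit loop and also rejects the empty string. */
    if (s == NULL || *s < '0' || *s > '9')
        return -1;

    errno = 0;
    v = strtol(s, &end, 10);

    /* ERANGE: the value does not fit in long. *end: trailing junk. */
    if (errno != 0 || *end != '\0')
        return -1;

    /* Assumption: an option code is one octet. Without this bound,
     * 2147483648 is a valid long where long is 64 bits and would
     * pass the errno test above. */
    if (v > 255)
        return -1;

    return (int)v;
}

int main(void)
{
    /* Constructed inputs, including the two values from the report. */
    const char *samples[] = { "0", "24", "255", "256", "2147483648",
        "9223372034707292160", "-1", " 7", "7x", "" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("'%s' -> %d\n", samples[i], parse_option_code(samples[i]));
    return 0;
}
```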