Re: Signed integer overflow in telnet.

"Theo de Raadt" writes: > Noone uses telnet, we (mostly) killed it! > > https://www.openbsd.org/images/tshirt-9b.jpg > > There is no way in heck this code is going to be converted in OpenBSD > to use strtol(), which is even more willing to eat junk. I don't disagree. Especially on the strtol par

Signed integer overflow in telnet.

Hi, Earlier this week I committed this change in GNU Inetutils [1]. When sending the 'send dont ' telnet command, the value is not checked for overflow. Likewise for 'do', 'will', 'wont'. Another GNU Inetutils developer segfaults doing 'send dont 2147483648' and 'send dont 9223372034707292160' bu

Re: strmode should take a mode_t instead of int.

Mark Kettenis wrote: >> +#ifndef _MODE_T_DEFINED_ >> +#define _MODE_T_DEFINED_ >> +typedef __mode_tmode_t; >> +#endif > > It may be safer to drop this bit... > >> +void strmode(mode_t, char *); > ...and use __mode_t in the prototype and implementation. Someone including might expect

strmode should take a mode_t instead of int.

Hi, I noticed that strmode(3) says that the first argument should be mode_t. OpenBSD declares it with int which is not compatible since mode_t appears to be unsigned, from what I can tell. NetBSD fixed this a long time ago and FreeBSD did the same before the 14.0 release. Apologies for the lack