1
Description: Fix buffer overflow when $HOME is large.
2
Very long values of $HOME will extend beyond fixed rcbuf[128].
3
In its stead, use dynamic allocation.
6
Bug-Debian: http://bugs.debian.org/264846
7
Comment: Introduced in netkit-telnet_0.17-25.
9
Last-Update: 2004-08-13
11
--- netkit-telnet-0.17.orig/telnet/commands.cc
12
+++ netkit-telnet-0.17/telnet/commands.cc
13
@@ -2139,22 +2139,18 @@
16
void cmdrc(const char *m1, const char *m2, const char *port) {
17
- static char *rcname = 0;
18
- static char rcbuf[128];
19
+ char *rcname = NULL;
23
readrc(m1, m2, port, "/etc/telnetrc");
25
- rcname = getenv("HOME");
27
- strcpy(rcbuf, rcname);
30
- strcat(rcbuf, "/.telnetrc");
33
+ if (asprintf (&rcname, "%s/.telnetrc", getenv ("HOME")) == -1)
35
+ perror ("asprintf");
38
readrc(m1, m2, port, rcname);
42
#if defined(IP_OPTIONS) && defined(HAS_IPPROTO_IP)