Catch any attempted buffer overflows. The magic numbers in this code

(512) are a little distressing, but the method really needs to be
extended to allow server-supplied DH parameters anyway.

Submitted by:	kris


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@76690 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
nsayer 2001-05-16 18:27:09 +00:00
parent ebece97cb0
commit 0a0c02d634
1 changed files with 6 additions and 2 deletions


@ -90,9 +90,9 @@ int server;
str_data[3] = TELQUAL_IS;
user = (char *)malloc(256);
xuser = (char *)malloc(512);
xuser = (char *)malloc(513);
pass = (char *)malloc(256);
xpass = (char *)malloc(512);
xpass = (char *)malloc(513);
if (user == NULL || xuser == NULL || pass == NULL || xpass ==
NULL)
@ -158,6 +158,8 @@ int cnt;
case SRA_USER:
/* decode KAB(u) */
if (cnt > 512) /* Attempted buffer overflow */
break;
memcpy(xuser,data,cnt);
xuser[cnt] = '\0';
pk_decode(xuser,user,&ck);
@ -167,6 +169,8 @@ int cnt;
break;
case SRA_PASS:
if (cnt > 512) /* Attempted buffer overflow */
break;
/* decode KAB(P) */
memcpy(xpass,data,cnt);
xpass[cnt] = '\0';
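Review bot: The new guards in the SRA_USER and SRA_PASS cases test only `cnt > 512`, and the hunk header shows `cnt` declared as `int`, so a negative count would pass the check, become a very large size in `memcpy(xuser,data,cnt)`, and index before the buffer in `xuser[cnt] = '\0'`. Whether a caller can pass a negative value is not visible here (the enclosing function starts and ends outside these hunks), but the check is cheap to complete: `if (cnt < 0 || cnt > 512) /* length out of range */`. The 512 in the two checks and the 513 in the two `malloc` calls have to stay in step by hand; a shared constant, for example `#define SRA_XBUF_LEN 512` with `malloc(SRA_XBUF_LEN + 1)`, would tie the bound to the allocation. The decoded `user` and `pass` buffers stay at 256 bytes and `pk_decode` is not shown, so it is worth confirming that a 512-byte input cannot decode to more than 255 bytes plus the terminator.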