author: Julius Hemanth Pitti <jpitti@cisco.com>, 2020-07-20 15:19:46 -0700
committer: Khem Raj <raj.khem@gmail.com>, 2020-07-21 16:46:36 -0700
commit: 232b82afd405c526f822294509e1d32388544ed4 (patch)
tree: 7583d66df3033b4c5b87760782613ac0a1cb7ccb /meta-python/recipes-devtools/python/python-flask-sqlalchemy.inc
parent: cfa786917343589c1756c1bc7cdf62309d29462f (diff)
download: meta-openembedded-232b82afd405c526f822294509e1d32388544ed4.tar.gz

netkit-telnetd: Fix buffer overflow in netoprintf

netoprintf() was not handling a case where return value of
vsnprintf is greater than "size" (2nd argument), results in buffer
overflow while adjusting "nfrontp" pointer to point beyond
"netobuf" buffer.

Here is one such case where "nfrontp" crossed boundaries of
"netobuf", and pointing to another global variable.

    (gdb) p &netobuf[8255]
    $5 = 0x55c93afe8b1f <netobuf+8255> ""
    (gdb) p nfrontp
    $6 = 0x55c93afe8c20 <terminaltype> "\377"
    (gdb) p &terminaltype
    $7 = (char **) 0x55c93afe8c20 <terminaltype>
    (gdb)

This resulted in crash of telnetd service with segmentation fault.

Signed-off-by: Julius Hemanth Pitti <jpitti@cisco.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python-flask-sqlalchemy.inc')
0 files changed, 0 insertions, 0 deletions
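
The bug class the commit message describes, as an added example that is not code from this commit or from netkit-telnetd: vsnprintf returns the length the output would have had, so a cursor advanced by that value can land past the buffer. The names obuf, used, unchecked_offset and obuf_printf and the 16-byte size are hypothetical stand-ins, and rejecting truncated output is one possible handling, not necessarily what the patch does.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

#define OBUF_SIZE 16          /* constructed size, small so truncation is easy to hit */

static char obuf[OBUF_SIZE];  /* hypothetical stand-in for netobuf */
static size_t used;           /* cursor as an offset, stand-in for nfrontp - netobuf */

void obuf_reset(void) { used = 0; }
size_t obuf_used(void) { return used; }

/* Offset the cursor would reach if vsnprintf's return value were added
 * unchecked. Only the arithmetic is done; no out-of-bounds pointer is formed. */
size_t unchecked_offset(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(obuf + used, OBUF_SIZE - used, fmt, ap);
    va_end(ap);
    return used + (len > 0 ? (size_t)len : 0);  /* can exceed OBUF_SIZE */
}

/* Checked append: returns bytes stored, or -1 on error or truncation.
 * used only grows when len < room, so used < OBUF_SIZE always holds. */
int obuf_printf(const char *fmt, ...)
{
    size_t room = OBUF_SIZE - used;
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(obuf + used, room, fmt, ap);
    va_end(ap);
    if (len < 0 || (size_t)len >= room) {  /* len is the untruncated length */
        obuf[used] = '\0';                 /* drop the partial output */
        return -1;
    }
    used += (size_t)len;
    return len;
}

int main(void)
{
    obuf_printf("%s", "login: ");
    printf("unchecked offset: %zu of %d\n", unchecked_offset("%s", "0123456789ABCDEF"), OBUF_SIZE);
    printf("checked append:   %d, cursor at %zu\n", obuf_printf("%s", "0123456789ABCDEF"), obuf_used());
    return 0;
}
```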