|From:||"Simon 'corecode' Schubert" <corecode@xxxxxxxxxxxx>|
|Date:||Thu, 31 Mar 2005 18:11:41 +0200|
telnet started coredumping on me today...
Not sure how long this has been there but I found the following lurking in telnet.c. I #if 0 it out (as below) the coredumping stops. Not 100% of the correct fix. But the calculation of 'len' in the removed case is guaranteed to be negative. Later on this number is used to size a memcpy() which of course blows up. :)
-- Serve - BSD +++ RENT this banner advert +++ ASCII Ribbon /"\ Work - Mac +++ space for low $$$ NOW!1 +++ Campaign \ / Party Enjoy Relax | http://dragonflybsd.org Against HTML \ Dude 2c 2 the max ! http://golden-apple.biz Mail + News / \
Description: This is a digitally signed message part