svn commit: r349890 - head/contrib/telnet/telnet
Alexey Dokuchaev
danfe at freebsd.org
Thu Jul 11 01:47:29 UTC 2019
On Wed, Jul 10, 2019 at 05:42:04PM +0000, Philip Paeps wrote:
> New Revision: 349890
> URL: https://svnweb.freebsd.org/changeset/base/349890
>
> Log:
> telnet: fix a couple of snprintf() buffer overflows
>
> Modified: head/contrib/telnet/telnet/commands.c
> @@ -1655,10 +1655,11 @@ env_init(void)
> char hbuf[256+1];
> char *cp2 = strchr((char *)ep->value, ':');
>
> - gethostname(hbuf, 256);
> - hbuf[256] = '\0';
> - cp = (char *)malloc(strlen(hbuf) + strlen(cp2) + 1);
> - sprintf((char *)cp, "%s%s", hbuf, cp2);
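Review bot: The removed lines at the end of this hunk pass the malloc() result straight to sprintf() with no NULL check and ignore the return value of gethostname(). The quote is cut off before the added lines, so confirm that the replacement checks the allocation before writing into it, bounds the write by the allocated size (strlen(hbuf) + strlen(cp2) + 1), and takes the gethostname() length from sizeof(hbuf) instead of repeating the literal 256. The log also speaks of snprintf() overflows while the call being removed here is sprintf(); naming the function actually replaced would make the log easier to search.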
Would it make sense to add something like __attribute__ ((deprecated))
to those unsafe functions like gets(), sprintf(), etc.? Or would it
cause too much PITA?
./danfe