Bug 1415706
Summary: | telnet dumps core with certain combination of parameters | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Michal Ruprich <mruprich> | ||||
Component: | telnet | Assignee: | Michal Ruprich <mruprich> | ||||
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | rawhide | CC: | luhliari, mruprich, msekleta | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2017-01-25 10:46:54 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Created attachment 1243603 [details] patch Description of problem: When using the -4 or -6 parameter together with -l and -b, telnet results in a core dump. Telnet uses static array of pointers to save these parameters. When the -4/-6 parameter was added, the array stayed the same size which results in buffer overflow. Expanding the array by one element should resolve the problem. Don't mind the obviously non-existing alias and user in the example. This bug is strictly about the number of parameters in this particular command. Version-Release number of selected component (if applicable): telnet-0.17-65.fc24.x86_64 How reproducible: always Steps to Reproduce: telnet -l user -b alias -4 mx2.skymesh.com.au -- OR -- telnet -l user -b alias -6 mx2.skymesh.com.au Actual results: Trying 180.181.128.97... Couldn't get address for alias telnet: alias: Name or service not known: Success *** stack smashing detected ***: telnet terminated ======= Backtrace: ========= /lib64/libc.so.6(+0x7570b)[0x7f755594b70b] /lib64/libc.so.6(__fortify_fail+0x37)[0x7f75559eae67] /lib64/libc.so.6(__fortify_fail+0x0)[0x7f75559eae30] telnet(+0x498f)[0x55920af7d98f] /lib64/libc.so.6(__libc_start_main+0xf1)[0x7f75558f6731] telnet(+0x49b9)[0x55920af7d9b9] ======= Memory map: ======== 55920af79000-55920af8f000 r-xp 00000000 fd:01 2780097 /usr/bin/telnet ... 7ffff677d000-7ffff677f000 r-xp 00000000 00:00 0 [vdso] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall] Aborted (core dumped) Expected results: Trying 180.181.128.97... Couldn't get address for alias telnet: alias: Name or service not known: Success