Bug 247

Summary: telnetd segfaults with a given .telnetrc file
Product: [Retired] Red Hat Linux Reporter: lionel.cons
Component: telnetAssignee: Florian La Roche <laroche>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 5.1   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 1999-04-06 23:46:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description lionel.cons 1998-12-01 12:06:26 UTC 
On a machine with Red Hat Linux 5.1 for i386 and all
the updated RPMs, I see the following:

[mybox] ~ > cat .telnetrc
default environ undefine USER
default set flushoutput off
[mybox] ~ > telnet mybox
Trying 137.138.3.123...
flushoutput character is 'off'.
Connected to mybox.
Escape character is '^]'.
Segmentation fault

/var/log/messages contains:
Dec  1 12:52:59 mybox telnetd[678]: ttloop:  read: Broken
pipe

It works fine when removing the ~/.telnetrc file.
It works also fine on other UNIXes including (but I'm not
100% sure) Red Hat Linux 4.1.
Comment 1 David Lawrence 1998-12-01 16:28:59 UTC 
This has been verified to be a bug. It occurs on systems later than
5.0. It only occurs if the first line is present. I comment it out and
the problem did not occur.
Comment 2 Jeff Johnson 1999-04-06 23:46:59 UTC 
The segfault is actually in telnet, not telnetd.

Fixed (by scrapping the netkit telnet in favor of an OpenBSD client)
in telnet-0.10-24.