Created attachment 1243603 [details] patch Description of problem: When using the -4 or -6 parameter together with -l and -b, telnet results in a core dump. Telnet uses static array of pointers to save these parameters. When the -4/-6 parameter was added, the array stayed the same size which results in buffer overflow. Expanding the array by one element should resolve the problem. Don't mind the obviously non-existing alias and user in the example. This bug is strictly about the number of parameters in this particular command. Version-Release number of selected component (if applicable): telnet-0.17-65.fc24.x86_64 How reproducible: always Steps to Reproduce: telnet -l user -b alias -4 mx2.skymesh.com.au -- OR -- telnet -l user -b alias -6 mx2.skymesh.com.au Actual results: Trying 180.181.128.97... Couldn't get address for alias telnet: alias: Name or service not known: Success *** stack smashing detected ***: telnet terminated ======= Backtrace: ========= /lib64/libc.so.6(+0x7570b)[0x7f755594b70b] /lib64/libc.so.6(__fortify_fail+0x37)[0x7f75559eae67] /lib64/libc.so.6(__fortify_fail+0x0)[0x7f75559eae30] telnet(+0x498f)[0x55920af7d98f] /lib64/libc.so.6(__libc_start_main+0xf1)[0x7f75558f6731] telnet(+0x49b9)[0x55920af7d9b9] ======= Memory map: ======== 55920af79000-55920af8f000 r-xp 00000000 fd:01 2780097 /usr/bin/telnet ... 7ffff677d000-7ffff677f000 r-xp 00000000 00:00 0 [vdso] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall] Aborted (core dumped) Expected results: Trying 180.181.128.97... Couldn't get address for alias telnet: alias: Name or service not known: Success