Description of problem:
The telnet command (client) fails to parse ~/.telnetrc because of a bug in telnet/commands.c, function cmdrc(). Strangely this works when rebuilding the package from the source RPM using "make", but not with "rpmbuild". This seems to be related to the compilation flag -Wp,-D_FORTIFY_SOURCE=2 used by rpmbuild (and not by a single make). After some debugging, it turns out that this issue is caused by strncpy used on overlapping dest/src buffers at lines 2220, 2222, 2224. This is not allowed according to the strncpy man page. The problem can be fixed by replacing the three strncpy() with memmove().

Version-Release number of selected component (if applicable):
telnet-0.17-68.fc25.x86_64
But I guess the problem is the same with several other Fedora or RHEL releases as the telnet code is nearly untouched.

How reproducible:
Easily

Steps to Reproduce:
1. Use a ~/.telnetrc file with content:
    serialsrv
     mode char
     set binary
2. Run: telnet serialsrv
3. The message "Negotiating binary mode with remote host." should be displayed if ~/.telnetrc is correctly parsed.

Actual results:
No "Negotiating binary mode with remote host." message

Expected results:
"Negotiating binary mode with remote host." message

Additional info:
When processing the line "serialsrv" in cmdrc(), after the three strncpy we should have line[0] = 0x0a (LF) but we have 0x00 when the problem occurs.
This message is a reminder that Fedora 25 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 25. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '25'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 25 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to change the 'version' to a later Fedora version prior to this bug being closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Hi Gilles, thanks for the info. The problem really lies in the -Wp,-D_FORTIFY_SOURCE=2 option. After some debugging I found out that the strncpy buffers are just fine, no overlapping there. But for some reason, when the line variable is used in the source code, the '\n' gets removed from the variable. That is why on line 2227 the 'if (line[0] != ' ' && line[0] != '\t' && line[0] != '\n')' gets a hit and no file gets parsed.
Hi Michal,

You're right about the '\n' that gets removed for some reason. I saw exactly the same thing. The first workaround I tried was to use 'if (line[0] != ' ' && line[0] != '\t' && line[0] != '\n' && line[0] != '\0')' instead. But as replacing strncpy with memmove worked fine, I tried to discover why strncpy was failing... and I ended up with this overlapping buffers issue. For me, removing the first n characters of a string by copying its content from offset n to offset 0 (as done in commands.c) is something overlapping:

    strncpy(line, &line[l1], sizeof(line) - l1);
    strncpy(line, &line[l2], sizeof(line) - l2);
    strncpy(line, &line[7], sizeof(line) - 7);

and if any optimization is done for copying, we may end up with corrupted source data and then a corrupted destination, which is what I suspect here.
Yes, memmove works. Memcpy should as well, but it has a similar problem with overlapping as strcpy, so memmove should be our choice here I guess. I will try to change it and then run this through some tests.
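The in-place prefix removal discussed in the comments above, as an added example that is not part of the original thread or the telnet source: it checks whether the arguments of the first quoted strncpy() call overlap and performs the same shift with memmove(). LINE_SIZE, ranges_overlap(), drop_prefix() and first_char_after_host() are hypothetical names, and the 256-byte buffer size is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LINE_SIZE 256  /* assumed buffer size; the thread does not state it */

/* True if [dst, dst+n) and [src, src+n) share at least one byte.
 * strncpy() writes exactly n bytes to dst; treating the source as n
 * bytes long as well makes the check conservative. */
static int ranges_overlap(const void *dst, const void *src, size_t n)
{
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    return n != 0 && (d < s ? s - d < n : d - s < n);
}

/* Drop the first `skip` bytes of a fixed-size line buffer in place.
 * memmove() is specified to handle overlapping source and destination. */
static void drop_prefix(char *line, size_t size, size_t skip)
{
    if (skip == 0)
        return;
    if (skip >= size) {          /* nothing left to keep */
        line[0] = '\0';
        return;
    }
    memmove(line, line + skip, size - skip);
    memset(line + (size - skip), 0, skip);  /* clear the vacated tail */
}

/* Constructed input: the host line from the report, as fgets() returns it. */
static char first_char_after_host(void)
{
    char line[LINE_SIZE] = "serialsrv\n";
    drop_prefix(line, sizeof(line), strlen("serialsrv"));
    return line[0];
}

int main(void)
{
    char line[LINE_SIZE] = "serialsrv\n";
    size_t l1 = strlen("serialsrv");
    printf("strncpy(line, &line[l1], sizeof(line) - l1) overlaps: %d\n",
           ranges_overlap(line, &line[l1], sizeof(line) - l1));
    printf("line[0] after drop_prefix: 0x%02x\n",
           (unsigned char)first_char_after_host());
    return 0;
}
```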
This bug appears to have been reported against 'rawhide' during the Fedora 28 development cycle. Changing version to '28'.
telnet-0.17-72.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-7ed457b41d
telnet-0.17-73.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-50845be5a2
telnet-0.17-72.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-7ed457b41d
telnet-0.17-73.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-50845be5a2
telnet-0.17-73.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.
telnet-0.17-72.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.