digitalPhonix | 18 days ago

The CVE referenced is caused by this commit:

https://codeberg.org/inetutils/inetutils/commit/fa3245ac8c28...

One of the changes is:

    -  getterminaltype (char *user_name, size_t len)
    +  getterminaltype (char *uname, size_t len)
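
Review bot: In the getterminaltype signature, renaming the parameter from user_name to uname removes the shadowing, so any reference to user_name left in the function body still compiles and now resolves to the global of that name (the one the ChangeLog entry quoted in this thread mentions) rather than to the argument. The rest of the function should be checked to confirm every use was switched to uname. Note also that uname is itself the name of a POSIX function, so a more distinctive parameter name would avoid trading one name collision for another.
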
What is the reason for a rename these days? If I saw that in a code review I’d immediately get annoyed (and probably pay more attention)

naniwaduni|18 days ago

From ChangeLog:

    * telnetd/utility.c (getterminaltype): Change the
      name `user_name' to `uname', as the former shadows a precious
     and global variable name.

ycombinatrix|17 days ago

global variables are public enemy number one

rob74|18 days ago

Congratulations! Now you've got yourself a precious and global(ly exploitable) vulnerability...

ky3|18 days ago

Wouldn't attention to getenv() calls yield more benefit? Such calls are where input typically isn't parsed--because parsing is "hard"--becoming targets for exploit.

The present fix is to sanitize user input. Does it cover all cases?