[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [BUG][PATCH] Someone described a remote DoS Vulnerability in telnetd
From: |
Simon Josefsson |
Subject: |
Re: [BUG][PATCH] Someone described a remote DoS Vulnerability in telnetd (dereference NULL pointer ---> SEGV) |
Date: |
Tue, 30 Aug 2022 22:46:08 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) |
Erik Auerswald <auerswal@unix-ag.uni-kl.de> writes:
>> I have attached a completely untested, not even compile
>> tested, patch to do this (just the code changes, no NEWS
>> or commit log or anything). Please test before committing.
>
> I have tested the patch now, it compiles and prevents the
> crash by preventing the NULL pointer dereference.
Thanks -- looks good to me, would you like to commit it? Please add a
suitable NEWS entry.
Do you see any way to check for regressions that doesn't involve running
telnetd/telnet on the command line? I'm thinking a automake C check
that links to relevant internals.
A new release would be nice, maybe we can throw in some other
improvement as well.
/Simon
signature.asc
Description: PGP signature