On 03.09.22 19:07, Erik Auerswald wrote:
On Sat, Sep 03, 2022 at 05:39:45PM +0200, Simon Josefsson wrote:
[...]
did you notice some fuzzing report that wasn't fixed?
[...]
* Problems found in tftp (the code did not change since the report):
  * Untrusted Pointer Dereference in getcmd() at
    inetutils/src/tftp.c:878
    https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00018.html
That seems to be a missing bounds check in makeargv(), similar
to the old, now fixed, code in telnet.
I'll look into creating a nice reproducer instead of the one
found by the fuzzer, adding a test case, and fixing the bug.