Noone uses telnet, we (mostly) killed it!
https://www.openbsd.org/images/tshirt-9b.jpg
There is no way in heck this code is going to be converted in OpenBSD
to use strtol(), which is even more willing to eat junk.
In our world, someone should adapt this to strtonum(), which is
a cynical string to integer API with range-control built in.
Collin Funk <collin.fu...@gmail.com> wrote:
> Hi,
>
> Earlier this week I committed this change in GNU Inetutils [1]. When
> sending the 'send dont <value>' telnet command, the value is not checked
> for overflow. Likewise for 'do', 'will', 'wont'.
>
> Another GNU Inetutils developer segfaults doing 'send dont 2147483648'
> and 'send dont 9223372034707292160' but I cannot reproduce it.
>
> Here is a rough patch I wrote to usr.bin/telnet/commands.c that should
> fix it. I don't have an OpenBSD machine at the moment so I can't compile
> and test it. Sorry about that.
>
> --- commands.c 2024-08-25 19:21:24.316731997 -0700
> +++ commands-fixed.c 2024-08-25 19:27:17.500422616 -0700
> @@ -358,7 +358,7 @@
> {
> char **cpp;
> extern char *telopts[];
> - int val = 0;
> + long int val = 0;
>
> if (isprefix(name, "help") || isprefix(name, "?")) {
> int col, len;
> @@ -389,14 +389,12 @@
> if (cpp) {
> val = cpp - telopts;
> } else {
> - char *cp = name;
> + char *cp = NULL;
>
> - while (*cp >= '0' && *cp <= '9') {
> - val *= 10;
> - val += *cp - '0';
> - cp++;
> - }
> - if (*cp != 0) {
> + errno = 0;
> + val = strtol(name, &cp, 10);
> +
> + if (*cp != 0 || errno != 0) {
> fprintf(stderr, "'%s': unknown argument ('send %s ?' for
> help).\r\n",
> name, cmd);
> return 0;
>
> Collin
>
> [1]
> https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=a6d9848a32fafa763548e54b44cb094abdac915d
>
