From tlyu@MIT.EDU Thu Oct 10 12:56:35 1996
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id MAA28983 for <bugs@RT-11.MIT.EDU>; Thu, 10 Oct 1996 12:56:34 -0400
Received: from TESLA-COIL.MIT.EDU by MIT.EDU with SMTP
id AA25070; Thu, 10 Oct 96 12:56:33 EDT
Received: by tesla-coil.MIT.EDU (5.x/4.7) id AA12305; Thu, 10 Oct 1996 12:56:31 -0400
Message-Id: <199609172114.RAA25691@jik.tiac.net>
Date: Tue, 17 Sep 1996 17:14:33 -0400
From: "Jonathan I. Kamens" <jik@jik.tiac.net>
To: krb5-bugs@MIT.EDU, kerberos@MIT.EDU
Subject: krb5b7: telnet: tn() needs to stash args before calling cmdrc()
Responsible-Changed-From-To: gnats-admin->hartmans
Responsible-Changed-By: tlyu
Responsible-Changed-When: Thu Oct 10 13:05:55 1996
Responsible-Changed-Why:
refiled
State-Changed-From-To: open-closed
State-Changed-By: hartmans
State-Changed-When: Mon Oct 14 02:14:27 1996
State-Changed-Why:
Actually, this is also applied before
Gnats happened.
before calling cmdrc() because that function can blow away the memory
in which tn()'s arguments were stored.
Here's a patch:
--- telnet/commands.c 1996/09/17 19:57:31 1.5
+++ telnet/commands.c 1996/09/17 19:58:25 1.6
@@ -2564,7 +2564,13 @@
auth_encrypt_connect(connected);
#endif /* defined(AUTHENTICATION) || defined(ENCRYPTION) */
} while (connected == 0);
+ if (user)
+ user = strdup(user);
+ if (hostp)
+ hostp = strdup(hostp);
cmdrc(hostp, hostname);
+ if (hostp)
+ free(hostp);
if (autologin && user == NULL) {
struct passwd *pw;
@@ -2576,6 +2582,8 @@
else
user = NULL;
}
+ if (user)
+ user = strdup(user);
}
if (user) {
env_define((unsigned char *)"USER", (unsigned char *)user);
@@ -2584,6 +2592,8 @@
(void) call(status, "status", "notmuch", 0);
if (setjmp(peerdied) == 0)
telnet(user);
+ if (user)
+ free(user);
(void) NetClose(net);
ExitString("Connection closed by foreign host.\r\n",1);
/*NOTREACHED*/
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id MAA28983 for <bugs@RT-11.MIT.EDU>; Thu, 10 Oct 1996 12:56:34 -0400
Received: from TESLA-COIL.MIT.EDU by MIT.EDU with SMTP
id AA25070; Thu, 10 Oct 96 12:56:33 EDT
Received: by tesla-coil.MIT.EDU (5.x/4.7) id AA12305; Thu, 10 Oct 1996 12:56:31 -0400
Message-Id: <199609172114.RAA25691@jik.tiac.net>
Date: Tue, 17 Sep 1996 17:14:33 -0400
From: "Jonathan I. Kamens" <jik@jik.tiac.net>
To: krb5-bugs@MIT.EDU, kerberos@MIT.EDU
Subject: krb5b7: telnet: tn() needs to stash args before calling cmdrc()
Show quoted text
>Number: 98
>Category: telnet
>Synopsis: krb5b7: telnet: tn() needs to stash args before calling cmdrc()
>Confidential: yes
>Severity: serious
>Priority: high
>Responsible: hartmans
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Oct e 12:57:05 EDT 1996
>Last-Modified: Mon Oct e 02:15:38 EDT 1996
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Category: telnet
>Synopsis: krb5b7: telnet: tn() needs to stash args before calling cmdrc()
>Confidential: yes
>Severity: serious
>Priority: high
>Responsible: hartmans
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Oct e 12:57:05 EDT 1996
>Last-Modified: Mon Oct e 02:15:38 EDT 1996
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->hartmans
Responsible-Changed-By: tlyu
Responsible-Changed-When: Thu Oct 10 13:05:55 1996
Responsible-Changed-Why:
refiled
State-Changed-From-To: open-closed
State-Changed-By: hartmans
State-Changed-When: Mon Oct 14 02:14:27 1996
State-Changed-Why:
Actually, this is also applied before
Gnats happened.
Show quoted text
>Unformatted:
The tn() function in telnet/commands.c needs to stash its argumentsbefore calling cmdrc() because that function can blow away the memory
in which tn()'s arguments were stored.
Here's a patch:
--- telnet/commands.c 1996/09/17 19:57:31 1.5
+++ telnet/commands.c 1996/09/17 19:58:25 1.6
@@ -2564,7 +2564,13 @@
auth_encrypt_connect(connected);
#endif /* defined(AUTHENTICATION) || defined(ENCRYPTION) */
} while (connected == 0);
+ if (user)
+ user = strdup(user);
+ if (hostp)
+ hostp = strdup(hostp);
cmdrc(hostp, hostname);
+ if (hostp)
+ free(hostp);
if (autologin && user == NULL) {
struct passwd *pw;
@@ -2576,6 +2582,8 @@
else
user = NULL;
}
+ if (user)
+ user = strdup(user);
}
if (user) {
env_define((unsigned char *)"USER", (unsigned char *)user);
@@ -2584,6 +2592,8 @@
(void) call(status, "status", "notmuch", 0);
if (setjmp(peerdied) == 0)
telnet(user);
+ if (user)
+ free(user);
(void) NetClose(net);
ExitString("Connection closed by foreign host.\r\n",1);
/*NOTREACHED*/