Comment by digitalPhonix

14 days ago

The CVE referenced is caused by this commit:

https://codeberg.org/inetutils/inetutils/commit/fa3245ac8c28...

One of the changes is:

    -  getterminaltype (char *user_name, size_t len)
    +  getterminaltype (char *uname, size_t len)
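
Review bot: the new parameter name on the `+` line, `uname`, is also the name of the POSIX function uname() declared in <sys/utsname.h>, so this rename trades one shadowing for another potential one wherever that header is in scope; a neutral name such as `user` or `name_buf` would avoid both. Because the ChangeLog entry quoted on this page says the old name `user_name` shadowed a global, the rename also needs a check that every use inside the function body was updated: any leftover `user_name` would still compile and would now silently refer to the global instead of the parameter.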

What is the reason for a rename these days? If I saw that in a code review I’d immediately get annoyed (and probably pay more attention).

From ChangeLog:

    * telnetd/utility.c (getterminaltype): Change the
      name `user_name' to `uname', as the former shadows a precious
      and global variable name.

Wouldn't attention to getenv() calls yield more benefit? Such calls are where input typically isn't parsed--because parsing is "hard"--becoming targets for exploit.

The present fix is to sanitize user input. Does it cover all cases?