[2338] in Kerberos-V5-bugs
pending/98: krb5b7: telnet: tn() needs to stash args before calling cmdrc()
daemon@ATHENA.MIT.EDU (Jonathan I. Kamens)
Thu Oct 10 12:59:35 1996
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: gnats-admin@rt-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, "Jonathan I. Kamens" <jik@jik.tiac.net>
Date: Tue, 17 Sep 1996 17:14:33 -0400
From: "Jonathan I. Kamens" <jik@jik.tiac.net>
To: krb5-bugs@MIT.EDU, kerberos@MIT.EDU
>Number: 98
>Category: pending
>Synopsis: krb5b7: telnet: tn() needs to stash args before calling cmdrc()
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: gnats-admin
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Oct e 12:57:05 EDT 1996
>Last-Modified:
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
The tn() function in telnet/commands.c needs to stash its arguments
before calling cmdrc() because that function can blow away the memory
in which tn()'s arguments were stored.
Here's a patch:
--- telnet/commands.c 1996/09/17 19:57:31 1.5
+++ telnet/commands.c 1996/09/17 19:58:25 1.6
@@ -2564,7 +2564,13 @@
auth_encrypt_connect(connected);
#endif /* defined(AUTHENTICATION) || defined(ENCRYPTION) */
} while (connected == 0);
+ if (user)
+ user = strdup(user);
+ if (hostp)
+ hostp = strdup(hostp);
cmdrc(hostp, hostname);
+ if (hostp)
+ free(hostp);
if (autologin && user == NULL) {
struct passwd *pw;
@@ -2576,6 +2582,8 @@
else
user = NULL;
}
+ if (user)
+ user = strdup(user);
}
if (user) {
env_define((unsigned char *)"USER", (unsigned char *)user);
@@ -2584,6 +2592,8 @@
(void) call(status, "status", "notmuch", 0);
if (setjmp(peerdied) == 0)
telnet(user);
+ if (user)
+ free(user);
(void) NetClose(net);
ExitString("Connection closed by foreign host.\r\n",1);
/*NOTREACHED*/
