telnetd: Validate key length prior to copying into a fixed buffer.
authorPeter Avalos <pavalos@dragonflybsd.org>
Fri, 23 Dec 2011 18:16:31 +0000 (10:16 -0800)
committerPeter Avalos <pavalos@dragonflybsd.org>
Fri, 23 Dec 2011 18:25:00 +0000 (10:25 -0800)
commit69f80b05bfe3b1d4132314fa4b462b1b6d482164
treeb2098350b4d28cbfc8f746d928eb06bcb113ba43
parent6c3e9d773e8db729b746e413e9a196dee39a5676
telnetd:  Validate key length prior to copying into a fixed buffer.

It's possible for a remote attacker to execute arbitrary code with the
privileges of the telnetd daemon (normally root) prior to this fix.
CVE-2011-4862

Obtained-from:   FreeBSD-SA-11:08.telnetd
lib/libtelnet/encrypt.c