telnetd: Validate key length prior to copying into a fixed buffer.
authorPeter Avalos <pavalos@dragonflybsd.org>
Fri, 23 Dec 2011 18:16:31 +0000 (10:16 -0800)
committerPeter Avalos <pavalos@dragonflybsd.org>
Fri, 23 Dec 2011 18:21:41 +0000 (10:21 -0800)
commite2decfa00070772e0f0eb2531bad6efdb84a403b
tree94ff343b4bddb1f6510921c216747a4ce029608f
parent701e05820ec80b00089f2b984aca9b194b7a7ce2
telnetd:  Validate key length prior to copying into a fixed buffer.

It's possible for a remote attacker to execute arbitrary code with the
privileges of the telnetd daemon (normally root) prior to this fix.
CVE-2011-4862

Obtained-from:   FreeBSD-SA-11:08.telnetd
lib/libtelnet/encrypt.c