digitalPhonix 16 hours ago

The CVE referenced is caused by this commit:

https://codeberg.org/inetutils/inetutils/commit/fa3245ac8c28...

One of the changes is:

    -  getterminaltype (char *user_name, size_t len)
    +  getterminaltype (char *uname, size_t len)
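
Review bot: the parameter rename in the `getterminaltype` signature needs a matching check of the function body, which these two lines do not show. Once the parameter is called `uname`, any `user_name` left in the body still compiles, but it now refers to the global that the ChangeLog entry quoted in the reply below says the old name shadowed, not to the argument. Confirm every use in the body was renamed, and put the reason for the rename in the commit message so a reviewer does not have to go looking for it.
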

What is the reason for a rename these days? If I saw that in a code review I’d immediately get annoyed (and probably pay more attention).

naniwaduni 14 hours ago

From ChangeLog:

    * telnetd/utility.c (getterminaltype): Change the
      name `user_name' to `uname', as the former shadows a precious
      and global variable name.

rob74 14 hours ago

Congratulations! Now you've got yourself a precious and global(ly exploitable) vulnerability...

ky3 14 hours ago

Wouldn't attention to getenv() calls yield more benefit? Such calls are where input typically isn't parsed--because parsing is "hard"--becoming targets for exploit.

The present fix is to sanitize user input. Does it cover all cases?