Hello Simon, On Sat, Sep 03, 2022 at 05:39:45PM +0200, Simon Josefsson wrote: > Erik Auerswald <auers...@unix-ag.uni-kl.de> writes: > > >> Please test commit access by pushing the patch, after writing > >> a suitable NEWS entry. > > > > I have just committed and pushed the telnetd crash fix patch[1], > > including a NEWS entry. > > > > [1] https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html > > Looks great!
Thanks! :-) > [...] > did you notice some fuzzing report that wasn't fixed? I think the following reports have not yet been addressed: * Problems found in ftp (the code did not change since the reports): * Untrusted Pointer Dereference in domacro() at inetutils/ftp/domacro.c:186 https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00003.html (https://savannah.gnu.org/bugs/?61722) * Infinite Loop in domacro at domacro.c:258 https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00005.html https://savannah.gnu.org/bugs/?61724 https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00008.html * A heap-buffer-overflow in another () at cmds.c:202 https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00016.html * NULL Pointer Dereference in setnmap() at cmds.c:2303 https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00004.html https://savannah.gnu.org/bugs/?61723 https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00013.html * Problems found in tftp (the code did not change since the report): * Untrusted Pointer Dereference in getcmd() at inetutils/src/tftp.c:878 https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00018.html At first glance the above problems might be caused by feeding unexpected input to the ftp and tftp clients. AFAIK the other fuzzer-based crash reports have already been addressed before the release of GNU Inetutils 2.3: * I think you addressed the following two reports: * Heap-based Buffer Overflow in logger https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00015.html (see git commit 8e0df0e80b156a09ff361050bac38bbdcda03aef) * Memory leak in ifconfig https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00014.html (see git commit 6599d2be88c4e44ef88470aef16bf10bd7d67884) [ I did not analyze the above two bug reports or the commits intended ] [ to fix the issues. I just assume that they are addressed based on ] [ the commit log. :-) ] * My patches should have addressed all the reports pertaining to telnet: * NULL Pointer Dereference in setcmd () at commands.c:1152 https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00017.html * NULL Pointer Dereference in unsetcmd() at inetutils/telnet/commands.c:1227 https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00007.html https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00011.html * NULL Pointer Dereference in help() at inetutils/telnet/commands.c:3094 https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00006.html https://savannah.gnu.org/bugs/?61725 https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00009.html https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00012.html > I have a re-implementation of 'arp' that belongs in inetutils, maybe I > should finally add it... I have no objections. ;-) Thanks, Erik