subject:"CVS commit\: \[netbsd\-8\] src\/libexec\/telnetd"

CVS commit: [netbsd-8] src/libexec/telnetd

2022-08-29 Thread Martin Husemann

Module Name:src
Committed By:   martin
Date:   Mon Aug 29 16:14:57 UTC 2022

Modified Files:
src/libexec/telnetd [netbsd-8]: telnetd.c

Log Message:
Pull up following revision(s) (requested by dholland in ticket #1757):

libexec/telnetd/telnetd.c: revision 1.58 (via patch)

telnetd: fix the crash that's been talked about the past couple days.

(Move initialization of the slc table earlier so it doesn't get
accessed before that happens.)

Calling the crash a DoS or security problem is a bit overwrought; it's
just a bug.


To generate a diff of this commit:
cvs rdiff -u -r1.55 -r1.55.18.1 src/libexec/telnetd/telnetd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/telnetd/telnetd.c
diff -u src/libexec/telnetd/telnetd.c:1.55 src/libexec/telnetd/telnetd.c:1.55.18.1
--- src/libexec/telnetd/telnetd.c:1.55	Thu Feb 27 18:20:21 2014
+++ src/libexec/telnetd/telnetd.c	Mon Aug 29 16:14:57 2022
@@ -1,4 +1,4 @@
-/*	$NetBSD: telnetd.c,v 1.55 2014/02/27 18:20:21 joerg Exp $	*/
+/*	$NetBSD: telnetd.c,v 1.55.18.1 2022/08/29 16:14:57 martin Exp $	*/
 
 /*
  * Copyright (C) 1997 and 1998 WIDE Project.
@@ -65,7 +65,7 @@ __COPYRIGHT("@(#) Copyright (c) 1989, 19
 #if 0
 static char sccsid[] = "@(#)telnetd.c	8.4 (Berkeley) 5/30/95";
 #else
-__RCSID("$NetBSD: telnetd.c,v 1.55 2014/02/27 18:20:21 joerg Exp $");
+__RCSID("$NetBSD: telnetd.c,v 1.55.18.1 2022/08/29 16:14:57 martin Exp $");
 #endif
 #endif /* not lint */
 
@@ -682,6 +682,11 @@ doit(struct sockaddr *who)
 	char user_name[256];
 
 	/*
+	 * Initialize the slc mapping table.
+	 */
+	get_slc_defaults();
+
+	/*
 	 * Find an available pty to use.
 	 */
 	pty = getpty();
@@ -748,11 +753,6 @@ telnet(int f, int p)
 	struct pollfd set[2];
 
 	/*
-	 * Initialize the slc mapping table.
-	 */
-	get_slc_defaults();
-
-	/*
 	 * Do some tests where it is desireable to wait for a response.
 	 * Rather than doing them slowly, one at a time, do them all
 	 * at once.

CVS commit: [netbsd-8] src/libexec/telnetd

2022-08-29 Thread Martin Husemann

Module Name:src
Committed By:   martin
Date:   Mon Aug 29 16:14:57 UTC 2022

Modified Files:
src/libexec/telnetd [netbsd-8]: telnetd.c

Log Message:
Pull up following revision(s) (requested by dholland in ticket #1757):

libexec/telnetd/telnetd.c: revision 1.58 (via patch)

telnetd: fix the crash that's been talked about the past couple days.

(Move initialization of the slc table earlier so it doesn't get
accessed before that happens.)

Calling the crash a DoS or security problem is a bit overwrought; it's
just a bug.


To generate a diff of this commit:
cvs rdiff -u -r1.55 -r1.55.18.1 src/libexec/telnetd/telnetd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-8] src/libexec/telnetd

2022-08-28 Thread Martin Husemann

Module Name:src
Committed By:   martin
Date:   Sun Aug 28 13:31:40 UTC 2022

Modified Files:
src/libexec/telnetd [netbsd-8]: utility.c

Log Message:
Pull up following revision(s) (requested by hgutch in ticket #1756):

libexec/telnetd/utility.c: revision 1.34

Fix CVE-2020-10188


To generate a diff of this commit:
cvs rdiff -u -r1.32 -r1.32.32.1 src/libexec/telnetd/utility.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/telnetd/utility.c
diff -u src/libexec/telnetd/utility.c:1.32 src/libexec/telnetd/utility.c:1.32.32.1
--- src/libexec/telnetd/utility.c:1.32	Mon Jan  9 16:36:48 2012
+++ src/libexec/telnetd/utility.c	Sun Aug 28 13:31:39 2022
@@ -1,4 +1,4 @@
-/*	$NetBSD: utility.c,v 1.32 2012/01/09 16:36:48 christos Exp $	*/
+/*	$NetBSD: utility.c,v 1.32.32.1 2022/08/28 13:31:39 martin Exp $	*/
 
 /*
  * Copyright (c) 1989, 1993
@@ -34,7 +34,7 @@
 #if 0
 static char sccsid[] = "@(#)utility.c	8.4 (Berkeley) 5/30/95";
 #else
-__RCSID("$NetBSD: utility.c,v 1.32 2012/01/09 16:36:48 christos Exp $");
+__RCSID("$NetBSD: utility.c,v 1.32.32.1 2022/08/28 13:31:39 martin Exp $");
 #endif
 #endif /* not lint */
 
@@ -43,7 +43,7 @@ __RCSID("$NetBSD: utility.c,v 1.32 2012/
 #define PRINTOPTIONS
 #include "telnetd.h"
 
-char *nextitem(char *);
+char *nextitem(char *, const char *);
 void putstr(char *);
 
 extern int not42;
@@ -143,31 +143,38 @@ ptyflush(void)
  * character.
  */
 char *
-nextitem(char *current)
+nextitem(char *current, const char *endp)
 {
+if (current >= endp) {
+	return NULL;
+}
 if ((*current&0xff) != IAC) {
 	return current+1;
 }
+if (current+1 >= endp) {
+	return NULL;
+}
 switch (*(current+1)&0xff) {
 case DO:
 case DONT:
 case WILL:
 case WONT:
-	return current+3;
+	return current+3 <= endp ? current+3 : NULL;
 case SB:		/* loop forever looking for the SE */
 	{
 	char *look = current+2;
 
-	for (;;) {
+	while (look < endp) {
 		if ((*look++&0xff) == IAC) {
-		if ((*look++&0xff) == SE) {
+		if (look < endp && (*look++&0xff) == SE) {
 			return look;
 		}
 		}
 	}
+	return NULL;
 	}
 default:
-	return current+2;
+	return current+2 <= endp ? current+2 : NULL;
 }
 }  /* end of nextitem */
 
@@ -194,7 +201,7 @@ netclear(void)
 char *thisitem, *next;
 char *good;
 #define	wewant(p)	((nfrontp > p) && ((*p&0xff) == IAC) && \
-((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))
+(nfrontp > p+1) && ((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))
 
 #ifdef	ENCRYPTION
 thisitem = nclearto > netobuf ? nclearto : netobuf;
@@ -202,7 +209,7 @@ netclear(void)
 thisitem = netobuf;
 #endif	/* ENCRYPTION */
 
-while ((next = nextitem(thisitem)) <= nbackp) {
+while ((next = nextitem(thisitem, nbackp)) != NULL && (next <= nbackp)) {
 	thisitem = next;
 }
 
@@ -214,20 +221,23 @@ netclear(void)
 good = netobuf;	/* where the good bytes go */
 #endif	/* ENCRYPTION */
 
-while (nfrontp > thisitem) {
+while ((thisitem != NULL) && (nfrontp > thisitem)) {
 	if (wewant(thisitem)) {
 	int length;
 
 	next = thisitem;
 	do {
-		next = nextitem(next);
-	} while (wewant(next) && (nfrontp > next));
+		next = nextitem(next, nfrontp);
+	} while ((next != NULL) && wewant(next) && (nfrontp > next));
+	if (next == NULL) {
+		next = nfrontp;
+	}
 	length = next-thisitem;
 	memmove(good, thisitem, length);
 	good += length;
 	thisitem = next;
 	} else {
-	thisitem = nextitem(thisitem);
+	thisitem = nextitem(thisitem, nfrontp);
 	}
 }

CVS commit: [netbsd-8] src/libexec/telnetd

2022-08-28 Thread Martin Husemann

Module Name:src
Committed By:   martin
Date:   Sun Aug 28 13:31:40 UTC 2022

Modified Files:
src/libexec/telnetd [netbsd-8]: utility.c

Log Message:
Pull up following revision(s) (requested by hgutch in ticket #1756):

libexec/telnetd/utility.c: revision 1.34

Fix CVE-2020-10188


To generate a diff of this commit:
cvs rdiff -u -r1.32 -r1.32.32.1 src/libexec/telnetd/utility.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-8] src/libexec/telnetd

CVS commit: [netbsd-8] src/libexec/telnetd

CVS commit: [netbsd-8] src/libexec/telnetd

CVS commit: [netbsd-8] src/libexec/telnetd

4 matches

Site Navigation

Mail list logo

Footer information