packages/telnet
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:211b6c9c339776f2f47899183b4d5765267ac72e
Branches Tags
packages:main
...
compare: packages:83ec5ddd96fe7a6eb02a8723c7b7c205a711ed65
Branches Tags
packages:main

10 Commits
211b6c9c33 ... 83ec5ddd96

Author SHA1 Message Date
openeuler-ci-bot
83ec5ddd96
!16 [sync] PR-12: fix CVE-2022-39028 
From: @openeuler-sync-bot 
Reviewed-by: @sunsuwan 
Signed-off-by: @sunsuwan
 2024-04-01 11:10:58 +00:00
eaglegai
0039c343f1 fix CVE-2022-39028 
(cherry picked from commit 69c6354b51d516919cfb3887e75af553428b5bdd)
 2024-04-01 16:09:51 +08:00
openeuler-ci-bot
8d3d71d597 !6 remove the fedora, redhat keywords and update source url 
From: @haochenstar
Reviewed-by: @zengwefeng
Signed-off-by: @zengwefeng
 2020-12-16 14:48:41 +08:00
haochenstar
b4a78b3148 remove fedora, redhat keyword and update source url 2020-12-15 20:47:21 +08:00
openeuler-ci-bot
216739b7c3 !5 add yaml file 
From: @haochenstar
Reviewed-by: @zengwefeng
Signed-off-by: @zengwefeng
 2020-11-23 16:39:46 +08:00
haochenstar
b15f00ac4c add yaml 2020-11-23 14:47:14 +08:00
openeuler-ci-bot
6844b18e5a !3 fix source0 url 
From: @lunankun
Reviewed-by: @wangxp006
Signed-off-by: @wangxp006
 2020-09-15 17:25:45 +08:00
lunankun
bbfc111e07 fix source0 url 2020-09-11 15:13:07 +08:00
openeuler-ci-bot
2d248d52ba !1 fix CVE-2020-10188 
Merge pull request !1 from Vchanger/master
 2020-05-06 17:04:31 +08:00
Vchanger
7286d8a876 telnet: fix CVE-2020-10188 2020-04-27 17:36:24 +08:00
4 changed files with 178 additions and 4 deletions
Show Stats Expand all files Collapse all files

97
CVE-2020-10188.patch Normal file
View File

@ -0,0 +1,97 @@
diff --git a/telnetd/utility.c b/telnetd/utility.c
index 82edee5..514ec19 100644
--- a/telnetd/utility.c
+++ b/telnetd/utility.c
@@ -219,31 +219,38 @@ void ptyflush(void)
*/
static
char *
-nextitem(char *current)
+nextitem(char *current, const char *endp)
{
+ if (current >= endp) {
+ return NULL;
+ }
if ((*current&0xff) != IAC) {
return current+1;
}
+ if (current+1 >= endp) {
+ return NULL;
+ }
switch (*(current+1)&0xff) {
case DO:
case DONT:
case WILL:
case WONT:
- return current+3;
+ return current+3 <= endp ? current+3 : NULL;
case SB: /* loop forever looking for the SE */
{
register char *look = current+2;
- for (;;) {
+ while (look < endp) {
if ((*look++&0xff) == IAC) {
- if ((*look++&0xff) == SE) {
+ if (look < endp && (*look++&0xff) == SE) {
return look;
}
}
}
+ return NULL;
}
default:
- return current+2;
+ return current+2 <= endp ? current+2 : NULL;
}
} /* end of nextitem */
@@ -269,7 +276,7 @@ void netclear(void)
register char *thisitem, *next;
char *good;
#define wewant(p) ((nfrontp > p) && ((*p&0xff) == IAC) && \
- ((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))
+ (nfrontp > p+1 && (((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))))
#if defined(ENCRYPT)
thisitem = nclearto > netobuf ? nclearto : netobuf;
@@ -277,7 +284,7 @@ void netclear(void)
thisitem = netobuf;
#endif
- while ((next = nextitem(thisitem)) <= nbackp) {
+ while ((next = nextitem(thisitem, nbackp)) != NULL && next <= nbackp) {
thisitem = next;
}
@@ -289,20 +296,23 @@ void netclear(void)
good = netobuf; /* where the good bytes go */
#endif
- while (nfrontp > thisitem) {
+ while (thisitem != NULL && nfrontp > thisitem) {
if (wewant(thisitem)) {
int length;
next = thisitem;
do {
- next = nextitem(next);
- } while (wewant(next) && (nfrontp > next));
+ next = nextitem(next, nfrontp);
+ } while (next != NULL && wewant(next) && (nfrontp > next));
+ if (next == NULL) {
+ next = nfrontp;
+ }
length = next-thisitem;
bcopy(thisitem, good, length);
good += length;
thisitem = next;
} else {
- thisitem = nextitem(thisitem);
+ thisitem = nextitem(thisitem, nfrontp);
}
}
--
1.8.3.1

48
backport-CVE-2022-39028.patch Normal file
View File

@ -0,0 +1,48 @@
Description: Fix remote DoS vulnerability in inetutils-telnetd
This is caused by a crash by a NULL pointer dereference when sending the
byte sequences «0xff 0xf7» or «0xff 0xf8».
Authors:
Pierre Kim (original patch),
Alexandre Torres (original patch),
Erik Auerswald <auerswal@unix-ag.uni-kl.de> (adapted patch),
Reviewed-by: Erik Auerswald <auerswal@unix-ag.uni-kl.de>
Origin: upstream
Ref: https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html
Forwarded: https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html
Last-Update: 2022-08-28
---
telnetd/state.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/telnetd/state.c b/telnetd/state.c
index 0dc61a2..befc9d0 100644
--- a/telnetd/state.c
+++ b/telnetd/state.c
@@ -206,12 +206,20 @@ void telrcv(void) {
case EC:
case EL:
{
- cc_t ch;
+ cc_t ch = (cc_t) (_POSIX_VDISABLE);
DIAG(TD_OPTIONS, printoption("td: recv IAC", c));
ptyflush(); /* half-hearted */
init_termbuf();
- if (c == EC) ch = *slctab[SLC_EC].sptr;
- else ch = *slctab[SLC_EL].sptr;
+ if (c == EC)
+ {
+ if (slctab[SLC_EC].sptr)
+ ch = *slctab[SLC_EC].sptr;
+ }
+ else
+ {
+ if (slctab[SLC_EL].sptr)
+ ch = *slctab[SLC_EL].sptr;
+ }
if (ch != (cc_t)(_POSIX_VDISABLE))
*pfrontp++ = (unsigned char)ch;
break;
--
2.33.0

32
telnet.spec
View File

@ -1,17 +1,15 @@
Name: telnet Name: telnet
Epoch: 1 Epoch: 1
Version: 0.17 Version: 0.17
Release: 75 Release: 79
Summary: Client and Server programs for the Telnet communication protocol Summary: Client and Server programs for the Telnet communication protocol
License: BSD License: BSD
Url: http://web.archive.org/web/20070819111735/www.hcs.harvard.edu/~dholland/computers/old-netkit.html Url: http://web.archive.org/web/20070819111735/www.hcs.harvard.edu/~dholland/computers/old-netkit.html
Source0: ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/netkit-telnet-%{version}.tar.gz Source0: https://ftp.linux.org.uk/pub/linux/Networking/netkit/netkit-telnet-0.17.tar.gz
#sources form fedora/redhat
Source1: telnet-client.tar.gz Source1: telnet-client.tar.gz
Source2: telnet@.service Source2: telnet@.service
Source3: telnet.socket Source3: telnet.socket
#patches from fedora/redhat repositories
Patch0001: telnet-client-cvs.patch Patch0001: telnet-client-cvs.patch
Patch0002: telnetd-0.17.diff Patch0002: telnetd-0.17.diff
Patch0003: telnet-0.17-env.patch Patch0003: telnet-0.17-env.patch
@ -38,6 +36,8 @@ Patch0023: netkit-telnet-0.17-core-dump.patch
Patch0024: netkit-telnet-0.17-gcc7.patch Patch0024: netkit-telnet-0.17-gcc7.patch
Patch0025: netkit-telnet-0.17-manpage.patch Patch0025: netkit-telnet-0.17-manpage.patch
Patch0026: netkit-telnet-0.17-telnetrc.patch Patch0026: netkit-telnet-0.17-telnetrc.patch
Patch0027: CVE-2020-10188.patch
Patch0028: backport-CVE-2022-39028.patch
BuildRequires: gcc-c++ ncurses-devel systemd BuildRequires: gcc-c++ ncurses-devel systemd
Requires: systemd Requires: systemd
@ -101,5 +101,29 @@ install -pm644 %{SOURCE3} %{buildroot}%{_unitdir}/telnet.socket
%{_mandir}/man1/telnet.1* %{_mandir}/man1/telnet.1*
%changelog %changelog
* Mon Apr 01 2024 gaihuiying <eaglegai@163.com> - 1:0.17-79
- Type:cves
- CVE:CVE-2022-39028
- SUG:NA
- DESC:fix CVE-2022-39028
* Tue Dec 15 2020 xihaochen <xihaochen@huawei.com> - 1:0.17-78
- Type:requirement
- ID:NA
- SUG:NA
- DESC:remove sensitive words
* Fri Sep 11 2020 lunankun <lunankun@huawei.com> - 1:0.17-77
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix source0 url
* Mon Apr 27 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:0.17-76
- Type:cves
- ID:CVE-2020-10188
- SUG:restart
- DESC:fix CVE-2020-10188
* Sat Sep 14 2019 huzhiyu<huzhiyu1@huawei.com> - 1:0.17-75 * Sat Sep 14 2019 huzhiyu<huzhiyu1@huawei.com> - 1:0.17-75
- Package init - Package init

5
telnet.yaml Normal file
View File

@ -0,0 +1,5 @@
version_control: NA
src_repo:
tag_prefix:
separator:
url: https://ftp.linux.org.uk/pub/linux/Networking/netkit