packages/telnet
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!14 [sync] PR-13: fix CVE-2022-39028

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @sunsuwan 
Signed-off-by: @sunsuwan
This commit is contained in:
openeuler-ci-bot 2024-04-01 11:09:05 +00:00 committed by Gitee
commit 056276bfa6
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 56 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
backport-CVE-2022-39028.patch Normal file
View File

@ -0,0 +1,48 @@
Description: Fix remote DoS vulnerability in inetutils-telnetd
This is caused by a crash by a NULL pointer dereference when sending the
byte sequences «0xff 0xf7» or «0xff 0xf8».
Authors:
Pierre Kim (original patch),
Alexandre Torres (original patch),
Erik Auerswald <auerswal@unix-ag.uni-kl.de> (adapted patch),
Reviewed-by: Erik Auerswald <auerswal@unix-ag.uni-kl.de>
Origin: upstream
Ref: https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html
Forwarded: https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html
Last-Update: 2022-08-28
---
telnetd/state.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/telnetd/state.c b/telnetd/state.c
index 0dc61a2..befc9d0 100644
--- a/telnetd/state.c
+++ b/telnetd/state.c
@@ -206,12 +206,20 @@ void telrcv(void) {
case EC:
case EL:
{
- cc_t ch;
+ cc_t ch = (cc_t) (_POSIX_VDISABLE);
DIAG(TD_OPTIONS, printoption("td: recv IAC", c));
ptyflush(); /* half-hearted */
init_termbuf();
- if (c == EC) ch = *slctab[SLC_EC].sptr;
- else ch = *slctab[SLC_EL].sptr;
+ if (c == EC)
+ {
+ if (slctab[SLC_EC].sptr)
+ ch = *slctab[SLC_EC].sptr;
+ }
+ else
+ {
+ if (slctab[SLC_EL].sptr)
+ ch = *slctab[SLC_EL].sptr;
+ }
if (ch != (cc_t)(_POSIX_VDISABLE))
*pfrontp++ = (unsigned char)ch;
break;
--
2.33.0

9
telnet.spec
View File

@ -1,7 +1,7 @@
Name: telnet Name: telnet
Epoch: 1 Epoch: 1
Version: 0.17 Version: 0.17
Release: 79 Release: 80
Summary: Client and Server programs for the Telnet communication protocol Summary: Client and Server programs for the Telnet communication protocol
License: BSD License: BSD
Url: http://web.archive.org/web/20070819111735/www.hcs.harvard.edu/~dholland/computers/old-netkit.html Url: http://web.archive.org/web/20070819111735/www.hcs.harvard.edu/~dholland/computers/old-netkit.html
@ -37,6 +37,7 @@ Patch0024: netkit-telnet-0.17-gcc7.patch
Patch0025: netkit-telnet-0.17-manpage.patch Patch0025: netkit-telnet-0.17-manpage.patch
Patch0026: netkit-telnet-0.17-telnetrc.patch Patch0026: netkit-telnet-0.17-telnetrc.patch
Patch0027: CVE-2020-10188.patch Patch0027: CVE-2020-10188.patch
Patch0028: backport-CVE-2022-39028.patch
BuildRequires: gcc-c++ ncurses-devel systemd BuildRequires: gcc-c++ ncurses-devel systemd
Requires: systemd Requires: systemd
@ -100,6 +101,12 @@ install -pm644 %{SOURCE3} %{buildroot}%{_unitdir}/telnet.socket
%{_mandir}/man1/telnet.1* %{_mandir}/man1/telnet.1*
%changelog %changelog
* Mon Apr 01 2024 gaihuiying <eaglegai@163.com> - 1:0.17-80
- Type:cves
- CVE:CVE-2022-39028
- SUG:NA
- DESC:fix CVE-2022-39028
* Wed Aug 30 2023 renyi <977713017@qq.com> - 1:0.17-79 * Wed Aug 30 2023 renyi <977713017@qq.com> - 1:0.17-79
- Type:Feature - Type:Feature
- ID:NA - ID:NA