!14 [sync] PR-13: fix CVE-2022-39028

From: @openeuler-sync-bot Reviewed-by: @sunsuwan Signed-off-by: @sunsuwan
fix CVE-2022-39028
2024-04-01 11:09:05 +00:00 · 2024-04-01 16:08:31 +08:00 · 2023-08-30 02:32:12 +00:00 · 2023-08-30 10:21:40 +08:00 · 2020-12-16 14:48:41 +08:00 · 2020-12-15 20:47:21 +08:00
3 changed files with 82 additions and 6 deletions
--- a/backport-CVE-2022-39028.patch
+++ b/backport-CVE-2022-39028.patch
@ -0,0 +1,48 @@
 Description: Fix remote DoS vulnerability in inetutils-telnetd
 This is caused by a crash by a NULL pointer dereference when sending the
 byte sequences «0xff 0xf7» or «0xff 0xf8».
 Authors:
 Pierre Kim (original patch),
 Alexandre Torres (original patch),
 Erik Auerswald <auerswal@unix-ag.uni-kl.de> (adapted patch),
 Reviewed-by: Erik Auerswald <auerswal@unix-ag.uni-kl.de>
 Origin: upstream
 Ref: https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html
 Forwarded: https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html
 Last-Update: 2022-08-28
 ---
 telnetd/state.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
 diff --git a/telnetd/state.c b/telnetd/state.c
 index 0dc61a2..befc9d0 100644
 --- a/telnetd/state.c
 +++ b/telnetd/state.c
@@ -206,12 +206,20 @@ void telrcv(void) {
 	      case EC:
 	      case EL:
 		 {
 -		     cc_t ch;
 +		     cc_t ch = (cc_t) (_POSIX_VDISABLE);
 		     DIAG(TD_OPTIONS, printoption("td: recv IAC", c));
 		     ptyflush();	/* half-hearted */
 		     init_termbuf();
 -		     if (c == EC) ch = *slctab[SLC_EC].sptr;
 -		     else ch = *slctab[SLC_EL].sptr;
 +		     if (c == EC) 
 +		     {
 +		         if (slctab[SLC_EC].sptr)
 +				ch = *slctab[SLC_EC].sptr;
 +		     }
 +		     else
 +		     {
 +		         if (slctab[SLC_EL].sptr)
 +				ch = *slctab[SLC_EL].sptr;
 +		     }
 		     if (ch != (cc_t)(_POSIX_VDISABLE))
 			 *pfrontp++ = (unsigned char)ch;
 		     break;
 -- 
 2.33.0
--- a/telnet.spec
+++ b/telnet.spec
@ -1,17 +1,15 @@
 Name:             telnet
 Epoch:            1
 Version:          0.17
-Release:          76
+Release:          80
 Summary:          Client and Server programs for the Telnet communication protocol
 License:          BSD
 Url:              http://web.archive.org/web/20070819111735/www.hcs.harvard.edu/~dholland/computers/old-netkit.html
-Source0:          ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/netkit-telnet-%{version}.tar.gz
+Source0:          https://ftp.linux.org.uk/pub/linux/Networking/netkit/netkit-telnet-0.17.tar.gz
 #sources form fedora/redhat
 Source1:          telnet-client.tar.gz
 Source2:          telnet@.service
 Source3:          telnet.socket
 #patches from fedora/redhat repositories
 Patch0001:        telnet-client-cvs.patch
 Patch0002:        telnetd-0.17.diff
 Patch0003:        telnet-0.17-env.patch
@ -39,6 +37,7 @@ Patch0024:        netkit-telnet-0.17-gcc7.patch
 Patch0025:        netkit-telnet-0.17-manpage.patch
 Patch0026:        netkit-telnet-0.17-telnetrc.patch
 Patch0027:        CVE-2020-10188.patch
 Patch0028:        backport-CVE-2022-39028.patch
 BuildRequires:    gcc-c++ ncurses-devel systemd
 Requires:         systemd
@ -65,11 +64,11 @@ mv -f telnet telnet-NETKIT
 %autosetup -T -D -a 1 -n netkit-telnet-%{version} -p1
 %build
-%{_configure} --with-c-compiler=gcc --prefix=%{_prefix} --exec-prefix=%{_exec_prefix}
+%{_configure} --with-c-compiler=%{__cc} --prefix=%{_prefix} --exec-prefix=%{_exec_prefix}
 sed -i 's,-O2,\$(CC_FLAGS),;s,LDFLAGS=.*,LDFLAGS=\$(LD_FLAGS),;s,^MANDIR=.*$,MANDIR=%{_mandir},' MCONFIG
 sed -i 's,install [+-]s,install,g' ./telnet/GNUmakefile ./telnetd/Makefile ./telnetlogin/Makefile ./telnet-NETKIT/Makefile
-%make_build CC_FLAGS="$RPM_OPT_FLAGS -fpie" LD_FLAGS="$LD_FLAGS -z now -pie"
+%make_build CC_FLAGS="$RPM_OPT_FLAGS -fpie -Wno-error=int-conversion" LD_FLAGS="$LD_FLAGS -z now -pie"
 %install
 install -d %{buildroot}{%{_bindir},%{_sbindir},%{_mandir}/man{1,5,8}}
@ -102,6 +101,30 @@ install -pm644 %{SOURCE3} %{buildroot}%{_unitdir}/telnet.socket
 %{_mandir}/man1/telnet.1*
 %changelog
 * Mon Apr 01 2024 gaihuiying <eaglegai@163.com> - 1:0.17-80
 - Type:cves
 - CVE:CVE-2022-39028
 - SUG:NA
 - DESC:fix CVE-2022-39028
 * Wed Aug 30 2023 renyi <977713017@qq.com> - 1:0.17-79
 - Type:Feature
 - ID:NA
 - SUG:NA
 - DESC:add clang compile support
 * Tue Dec 15 2020 xihaochen <xihaochen@huawei.com> - 1:0.17-78
 - Type:requirement
 - ID:NA
 - SUG:NA
 - DESC:remove sensitive words 
 * Fri Sep 11 2020 lunankun <lunankun@huawei.com> - 1:0.17-77
 - Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC:fix source0 url
 * Mon Apr 27 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:0.17-76
 - Type:cves
 - ID:CVE-2020-10188
--- a/telnet.yaml
+++ b/telnet.yaml
@ -0,0 +1,5 @@
 version_control: NA
 src_repo:
 tag_prefix:
 separator:
 url: https://ftp.linux.org.uk/pub/linux/Networking/netkit
Author	SHA1	Message	Date
openeuler-ci-bot	056276bfa6	!14 [sync] PR-13: fix CVE-2022-39028 From: @openeuler-sync-bot Reviewed-by: @sunsuwan Signed-off-by: @sunsuwan	2024-04-01 11:09:05 +00:00
eaglegai	19ea7a1c24	fix CVE-2022-39028 (cherry picked from commit 05795c0b96687818fd4428ad9798737286981dd3)	2024-04-01 16:08:31 +08:00
openeuler-ci-bot	f66583b278	!9 LLVM平行宇宙：支持使用clang构建telnet From: @ren-yi43 Reviewed-by: @sunsuwan Signed-off-by: @sunsuwan	2023-08-30 02:32:12 +00:00
15859157387	a8f4d4bb42	add clang compile	2023-08-30 10:21:40 +08:00
openeuler-ci-bot	8d3d71d597	!6 remove the fedora, redhat keywords and update source url From: @haochenstar Reviewed-by: @zengwefeng Signed-off-by: @zengwefeng	2020-12-16 14:48:41 +08:00
haochenstar	b4a78b3148	remove fedora, redhat keyword and update source url	2020-12-15 20:47:21 +08:00
openeuler-ci-bot	216739b7c3	!5 add yaml file From: @haochenstar Reviewed-by: @zengwefeng Signed-off-by: @zengwefeng	2020-11-23 16:39:46 +08:00
haochenstar	b15f00ac4c	add yaml	2020-11-23 14:47:14 +08:00
openeuler-ci-bot	6844b18e5a	!3 fix source0 url From: @lunankun Reviewed-by: @wangxp006 Signed-off-by: @wangxp006	2020-09-15 17:25:45 +08:00
lunankun	bbfc111e07	fix source0 url	2020-09-11 15:13:07 +08:00