mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-13 17:39:57 +00:00
Code Issues Projects Releases Wiki Activity

netkit-telnet: patch CVE-2022-39028

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-39028

Pick the patch mentioned in the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Gyorgy Sarvari
2025-10-21 16:53:47 +02:00
parent 91fe45b5ba
commit c7a33c2d5a
2 changed files with 73 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-networking/recipes-netkit/netkit-telnet/files/CVE-2022-39028.patch
+72
View File
@@ -0,0 +1,72 @@
From 1949388e52acd343bb3e366d816b33912e38db39 Mon Sep 17 00:00:00 2001
From: Guillem Jover <guillem@debian.org>
Date: Sun, 28 Aug 2022 15:07:29 +0200
Subject: [PATCH] Fix remote DoS vulnerability in inetutils-telnetd
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This is caused by a crash by a NULL pointer dereference when sending
the byte sequences «0xff 0xf7» or «0xff 0xf8».
Found-by: Pierre Kim and Alexandre Torres
Patch-adapted-by: Erik Auerswald <auerswal@unix-ag.uni-kl.de>
CVE: CVE-2022-39028
Upstream-Status: Backport [https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/commit/?id=113da8021710d871c7dd72d2a4d5615d42d64289]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
.../inetutils-telnetd-EC_EL_null_deref.patch | 43 +++++++++++++++++++
1 file changed, 43 insertions(+)
create mode 100644 debian/patches/inetutils-telnetd-EC_EL_null_deref.patch
diff --git a/debian/patches/inetutils-telnetd-EC_EL_null_deref.patch b/debian/patches/inetutils-telnetd-EC_EL_null_deref.patch
new file mode 100644
index 0000000..fac5e3f
--- /dev/null
+++ b/debian/patches/inetutils-telnetd-EC_EL_null_deref.patch
@@ -0,0 +1,43 @@
+Description: Fix remote DoS vulnerability in inetutils-telnetd
+ This is caused by a crash by a NULL pointer dereference when sending the
+ byte sequences «0xff 0xf7» or «0xff 0xf8».
+Authors:
+ Pierre Kim (original patch),
+ Alexandre Torres (original patch),
+ Erik Auerswald <auerswal@unix-ag.uni-kl.de> (adapted patch),
+Reviewed-by: Erik Auerswald <auerswal@unix-ag.uni-kl.de>
+Origin: upstream
+Ref: https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html
+Forwarded: https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html
+Last-Update: 2022-08-28
+
+
+diff --git a/telnetd/state.c b/telnetd/state.c
+index ffc6cbaf..c2d760f8 100644
+--- a/telnetd/state.c
++++ b/telnetd/state.c
+@@ -312,15 +312,21 @@ telrcv (void)
+ case EC:
+ case EL:
+ {
+- cc_t ch;
++ cc_t ch = (cc_t) (_POSIX_VDISABLE);
+
+ DEBUG (debug_options, 1, printoption ("td: recv IAC", c));
+ ptyflush (); /* half-hearted */
+ init_termbuf ();
+ if (c == EC)
+- ch = *slctab[SLC_EC].sptr;
++ {
++ if (slctab[SLC_EC].sptr)
++ ch = *slctab[SLC_EC].sptr;
++ }
+ else
+- ch = *slctab[SLC_EL].sptr;
++ {
++ if (slctab[SLC_EL].sptr)
++ ch = *slctab[SLC_EL].sptr;
++ }
+ if (ch != (cc_t) (_POSIX_VDISABLE))
+ pty_output_byte ((unsigned char) ch);
+ break;
meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb
+1
View File
@@ -14,6 +14,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/n/netkit-telnet/netkit-telnet_${PV}.orig.tar.gz
file://0001-telnet-telnetd-Fix-deadlock-on-cleanup.patch \
file://CVE-2020-10188.patch \
file://0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch \
file://CVE-2022-39028.patch \
"
UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/n/netkit-telnet/"