mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-09 05:29:32 +00:00
Code Issues Projects Releases Wiki Activity

inetutils: Fix remote DoS vulnerability in inetutils-telnetd

Browse Source 
(From OE-Core rev: f9c23404de44553eacd363885588b88714742387)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Khem Raj
2022-09-12 18:37:45 -07:00
committed by Richard Purdie
parent 5b4e7e13d3
commit 6f9970ea02
2 changed files with 55 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-connectivity/inetutils/inetutils/CVE-2022-39028.patch
+54
View File
@@ -0,0 +1,54 @@
From d52349fa1b6baac77ffa2c74769636aa2ece2ec5 Mon Sep 17 00:00:00 2001
From: Erik Auerswald <auerswal@unix-ag.uni-kl.de>
Date: Sat, 3 Sep 2022 16:58:16 +0200
Subject: [PATCH] telnetd: Handle early IAC EC or IAC EL receipt
Fix telnetd crash if the first two bytes of a new connection
are 0xff 0xf7 (IAC EC) or 0xff 0xf8 (IAC EL).
The problem was reported in:
<https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html>.
* NEWS: Mention fix.
* telnetd/state.c (telrcv): Handle zero slctab[SLC_EC].sptr and
zero slctab[SLC_EL].sptr.
CVE: CVE-2022-39028
Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=fae8263e467380483c28513c0e5fac143e46f94f]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
telnetd/state.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/telnetd/state.c b/telnetd/state.c
index ffc6cba..c2d760f 100644
--- a/telnetd/state.c
+++ b/telnetd/state.c
@@ -312,15 +312,21 @@ telrcv (void)
case EC:
case EL:
{
- cc_t ch;
+ cc_t ch = (cc_t) (_POSIX_VDISABLE);
DEBUG (debug_options, 1, printoption ("td: recv IAC", c));
ptyflush (); /* half-hearted */
init_termbuf ();
if (c == EC)
- ch = *slctab[SLC_EC].sptr;
+ {
+ if (slctab[SLC_EC].sptr)
+ ch = *slctab[SLC_EC].sptr;
+ }
else
- ch = *slctab[SLC_EL].sptr;
+ {
+ if (slctab[SLC_EL].sptr)
+ ch = *slctab[SLC_EL].sptr;
+ }
if (ch != (cc_t) (_POSIX_VDISABLE))
pty_output_byte ((unsigned char) ch);
break;
--
2.37.3
meta/recipes-connectivity/inetutils/inetutils_2.3.bb
+1
View File
@@ -21,6 +21,7 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \
file://tftpd.xinetd.inetutils \ file://tftpd.xinetd.inetutils \
file://inetutils-1.9-PATH_PROCNET_DEV.patch \ file://inetutils-1.9-PATH_PROCNET_DEV.patch \
file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \ file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \
file://CVE-2022-39028.patch \
" "
inherit autotools gettext update-alternatives texinfo inherit autotools gettext update-alternatives texinfo