Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 40781 Details for
Bug 64632
net-misc/netkit-telnetd: buffer overflows
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
security only patch
securitypatch.diff (text/plain), 5.32 KB, created by
Florian Schilhabel (RETIRED)
on 2004-09-30 06:33:03 UTC
(
hide
)
Description:
security only patch
Filename:
MIME Type:
Creator:
Florian Schilhabel (RETIRED)
Created:
2004-09-30 06:33:03 UTC
Size:
5.32 KB
patch
obsolete
>diff -Naur ./netkit-telnet-0.17/telnet/Makefile ./netkit-telnet-0.17_new/telnet/Makefile >--- ./netkit-telnet-0.17/telnet/Makefile 1999-08-01 07:06:37.000000000 +0200 >+++ ./netkit-telnet-0.17_new/telnet/Makefile 2004-09-29 14:35:02.823959864 +0200 >@@ -7,7 +7,7 @@ > > # -DAUTHENTICATE > CXXFLAGS += -DUSE_TERMIO -DKLUDGELINEMODE >-LIBS += $(LIBTERMCAP) >+LIBS += $(LIBTERMCAP) -lcurses > > SRCS = commands.cc main.cc network.cc ring.cc sys_bsd.cc telnet.cc \ > terminal.cc tn3270.cc utilities.cc genget.cc environ.cc netlink.cc >diff -Naur ./netkit-telnet-0.17/telnet/commands.cc ./netkit-telnet-0.17_new/telnet/commands.cc >--- ./netkit-telnet-0.17/telnet/commands.cc 2000-07-23 06:16:24.000000000 +0200 >+++ ./netkit-telnet-0.17_new/telnet/commands.cc 2004-09-29 14:42:57.482800752 +0200 >@@ -2013,8 +2013,7 @@ > return 0; > } > >-static char *rcname = 0; >-static char rcbuf[128]; >+char *rcname = NULL; > > void cmdrc(const char *m1, const char *m2) { > FILE *rcfile; >@@ -2028,15 +2027,11 @@ > strcpy(m1save, m1); > m1 = m1save; > >- if (rcname == 0) { >- rcname = getenv("HOME"); >- if (rcname) >- strcpy(rcbuf, rcname); >- else >- rcbuf[0] = '\0'; >- strcat(rcbuf, "/.telnetrc"); >- rcname = rcbuf; >- } >+ if (asprintf (&rcname, "%s/.telnetrc", getenv ("HOME")) == -1) >+ { >+ perror ("asprintf"); >+ return; >+ } > > rcfile = fopen(rcname, "r"); > if (!rcfile) return; >@@ -2070,6 +2065,7 @@ > continue; > process_command(&cmdtab, margc, margv); > } >+ free (rcname); > fclose(rcfile); > } > >diff -Naur ./netkit-telnet-0.17/telnet/main.cc ./netkit-telnet-0.17_new/telnet/main.cc >--- ./netkit-telnet-0.17/telnet/main.cc 1999-08-01 07:06:37.000000000 +0200 >+++ ./netkit-telnet-0.17_new/telnet/main.cc 2004-09-29 14:35:02.823959864 +0200 >@@ -43,6 +43,7 @@ > > #include "../version.h" > >+#include <stdlib.h> > #include <sys/types.h> > #include <getopt.h> > #include <string.h> >diff -Naur ./netkit-telnet-0.17/telnet/netlink.cc ./netkit-telnet-0.17_new/telnet/netlink.cc >--- ./netkit-telnet-0.17/telnet/netlink.cc 2000-07-23 06:16:25.000000000 +0200 >+++ ./netkit-telnet-0.17_new/telnet/netlink.cc 2004-09-29 14:35:02.824959712 +0200 >@@ -2,6 +2,7 @@ > #include <stdio.h> > #include <unistd.h> > #include <stdlib.h> >+#include <string.h> > #include <sys/socket.h> > #include <netinet/in.h> > #include <arpa/inet.h> >diff -Naur ./netkit-telnet-0.17/telnet/network.cc ./netkit-telnet-0.17_new/telnet/network.cc >--- ./netkit-telnet-0.17/telnet/network.cc 1996-08-13 10:09:58.000000000 +0200 >+++ ./netkit-telnet-0.17_new/telnet/network.cc 2004-09-29 14:35:02.825959560 +0200 >@@ -37,6 +37,7 @@ > char net_rcsid[] = > "$Id: network.cc,v 1.15 1996/08/13 08:09:58 dholland Exp $"; > >+#include <stdlib.h> > #include <sys/types.h> > #include <sys/socket.h> > #include <sys/time.h> >diff -Naur ./netkit-telnet-0.17/telnet/terminal.cc ./netkit-telnet-0.17_new/telnet/terminal.cc >--- ./netkit-telnet-0.17/telnet/terminal.cc 1999-12-12 20:48:05.000000000 +0100 >+++ ./netkit-telnet-0.17_new/telnet/terminal.cc 2004-09-29 14:35:02.825959560 +0200 >@@ -41,6 +41,8 @@ > #include <sys/types.h> > #include <sys/time.h> > #include <termios.h> >+#include <string.h> >+#include <stdlib.h> > #include <unistd.h> > #include <signal.h> > #include <errno.h> >diff -Naur ./netkit-telnet-0.17/telnet/utilities.cc ./netkit-telnet-0.17_new/telnet/utilities.cc >--- ./netkit-telnet-0.17/telnet/utilities.cc 1999-12-12 16:33:40.000000000 +0100 >+++ ./netkit-telnet-0.17_new/telnet/utilities.cc 2004-09-29 14:35:02.826959408 +0200 >@@ -46,6 +46,8 @@ > #include <sys/time.h> > #include <sys/socket.h> > #include <unistd.h> >+#include <string.h> >+#include <stdlib.h> > #include <ctype.h> > > #include "ring.h" >diff -Naur ./netkit-telnet-0.17/telnetd/Makefile ./netkit-telnet-0.17_new/telnetd/Makefile >--- ./netkit-telnet-0.17/telnetd/Makefile 1999-12-14 01:43:30.000000000 +0100 >+++ ./netkit-telnet-0.17_new/telnetd/Makefile 2004-09-29 14:35:02.827959256 +0200 >@@ -10,7 +10,7 @@ > > CFLAGS += '-DISSUE_FILE="/etc/issue.net"' -DPARANOID_TTYS \ > -DNO_REVOKE -DKLUDGELINEMODE -DDIAGNOSTICS >-# LIBS += $(LIBTERMCAP) >+LIBS += -lutil > > OBJS = telnetd.o state.o termstat.o slc.o sys_term.o utility.o \ > global.o setproctitle.o >diff -Naur ./netkit-telnet-0.17/telnetd/telnetd.c ./netkit-telnet-0.17_new/telnetd/telnetd.c >--- ./netkit-telnet-0.17/telnetd/telnetd.c 2000-04-12 23:36:12.000000000 +0200 >+++ ./netkit-telnet-0.17_new/telnetd/telnetd.c 2004-09-29 14:46:02.048742464 +0200 >@@ -1146,7 +1146,7 @@ > return; > } > #endif >- netoprintf("\r\n[%s : yes]\r\n", host_name); >+ netoprintf("\r\n[Yes]\r\n"); > } > > void doeof(void) { >diff -Naur ./netkit-telnet-0.17/telnetd/utility.c ./netkit-telnet-0.17_new/telnetd/utility.c >--- ./netkit-telnet-0.17/telnetd/utility.c 1999-12-12 15:59:45.000000000 +0100 >+++ ./netkit-telnet-0.17_new/telnetd/utility.c 2004-09-29 14:45:33.949014272 +0200 >@@ -55,18 +55,24 @@ > void > netoprintf(const char *fmt, ...) > { >- int len, maxsize; >+ int len = 0, maxsize; > va_list ap; > int done=0; > > while (!done) { > maxsize = sizeof(netobuf) - (nfrontp - netobuf); >- >+ if (maxsize < 0) { >+ /* no way this is gonna fit - try to flush some */ >+ netflush(); >+ maxsize = sizeof(netobuf) - (nfrontp - netobuf); >+ if (maxsize < 0) >+ break; >+ } > va_start(ap, fmt); > len = vsnprintf(nfrontp, maxsize, fmt, ap); > va_end(ap); > >- if (len<0 || len==maxsize) { >+ if (len<=0 || len==maxsize) { > /* didn't fit */ > netflush(); > }
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 64632
:
39916
|
39917
|
40532
|
40748
|
40779
| 40781