diff options
author | Chris Severance | 2017-07-11 14:43:40 -0400 |
---|---|---|
committer | Chris Severance | 2017-07-11 14:43:40 -0400 |
commit | 21a3a1e8e6703e4c1f1409854f2abe7c5f316313 (patch) | |
tree | 5a424a2107d6b7d9e13c1334fbdb1a04599f936a | |
parent | f9a08b064fe9536a2f4beaea0198e3c976fe2a02 (diff) | |
download | aur-21a3a1e8e6703e4c1f1409854f2abe7c5f316313.tar.gz |
Patch for stack smashing buffer overflow
-rw-r--r-- | .SRCINFO | 8 | ||||
-rw-r--r-- | 0001-telnetd-Fix-buffer-overflows.patch | 172 | ||||
-rw-r--r-- | PKGBUILD | 15 |
3 files changed, 187 insertions, 8 deletions
@@ -1,8 +1,8 @@ # Generated by mksrcinfo v8 -# Thu May 4 02:14:23 UTC 2017 +# Tue Jul 11 18:42:59 UTC 2017 pkgbase = inetutils-git pkgdesc = A collection of common network programs - pkgver = 1.9.4.r25.g3d64a8c7 + pkgver = 1.9.4.r38.g91960071 pkgrel = 1 url = http://www.gnu.org/software/inetutils/ install = inetutils.install @@ -24,8 +24,9 @@ pkgbase = inetutils-git backup = etc/xinetd.d/rsh backup = etc/pam.d/rlogin backup = etc/pam.d/rsh - source = git://git.savannah.gnu.org/inetutils.git#commit=3d64a8c7280e7d218c4b607aa25352be1d6c4ded + source = git://git.savannah.gnu.org/inetutils.git source = git://git.sv.gnu.org/gnulib + source = 0001-telnetd-Fix-buffer-overflows.patch source = ftpd.service::https://projects.archlinux.org/svntogit/packages.git/plain/trunk/ftpd.service?h=packages/inetutils source = rlogin.pam::https://projects.archlinux.org/svntogit/packages.git/plain/trunk/rlogin.pam?h=packages/inetutils source = rlogin@.service::https://projects.archlinux.org/svntogit/packages.git/plain/trunk/rlogin@.service?h=packages/inetutils @@ -43,6 +44,7 @@ pkgbase = inetutils-git source = telnet.xinetd::https://projects.archlinux.org/svntogit/packages.git/plain/trunk/telnet.xinetd?h=packages/inetutils sha256sums = SKIP sha256sums = SKIP + sha256sums = 1eacb0bdb4496f12e7a0593278aa4ae1eadf271a263bf27285acb1c03015c4de sha256sums = f1b9b4e57f484070366444a649f1be151d01d5bc965b9b192c242e4b7cc4beeb sha256sums = 428367b148033c7fa865e92bdd73b06cb58e6909488649adebf8d2253a022f1f sha256sums = 6112bcdb595937a8c7940dc158a97fd48b8cce6526a9fb017f347f614b9d6548 diff --git a/0001-telnetd-Fix-buffer-overflows.patch b/0001-telnetd-Fix-buffer-overflows.patch new file mode 100644 index 000000000000..5742a2c67c72 --- /dev/null +++ b/0001-telnetd-Fix-buffer-overflows.patch @@ -0,0 +1,172 @@ +From c4f1bc8e2e9e6303a33e1babfffafef9aa628c49 Mon Sep 17 00:00:00 2001 +From: Guillem Jover <guillem@hadrons.org> +Date: Tue, 11 Jul 2017 12:22:41 +0200 +Subject: [PATCH] telnetd: Fix buffer overflows + +Increate the data buffers so that the terminating NUL fits. Use strlen +instead of sizeof to cope with the buffers size increase and to make +the code future-proof. +--- + ChangeLog | 7 +++++++ + telnetd/telnetd.c | 6 +++--- + telnetd/termstat.c | 34 +++++++++++++++++----------------- + 3 files changed, 27 insertions(+), 20 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index ea93a846..99157ea1 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,10 @@ ++2017-07-11 Guillem Jover <guillem@hadrons.org> ++ ++ * telnetd/telnetd.c (telnetd_run): Increate the data buffer so that ++ the terminating NUL fits. Use strlen instead of sizeof to cope with ++ the buffer size increase and make the code future-proof. ++ * telnetd/termstat.c (localstat, flowstat, clientstat): Likewise. ++ + 2017-07-10 Omer Anson <oaanson@gmail.com> (tiny change) + + * src/hostname.c (parse_file): Free name and allocate one extra +diff --git a/telnetd/telnetd.c b/telnetd/telnetd.c +index 5e13e23d..917a3355 100644 +--- a/telnetd/telnetd.c ++++ b/telnetd/telnetd.c +@@ -706,15 +706,15 @@ telnetd_run (void) + int newflow = (c & TIOCPKT_DOSTOP) ? 1 : 0; + if (newflow != flowmode) + { +- char data[6]; ++ char data[7]; + + sprintf (data, "%c%c%c%c%c%c", + IAC, SB, TELOPT_LFLOW, + flowmode ? LFLOW_ON : LFLOW_OFF, + IAC, SE); +- net_output_datalen (data, sizeof (data)); ++ net_output_datalen (data, strlen (data)); + DEBUG (debug_options, 1, +- printsub ('>', data + 2, sizeof (data) - 2)); ++ printsub ('>', data + 2, strlen (data) - 2)); + } + } + +diff --git a/telnetd/termstat.c b/telnetd/termstat.c +index a3e37d03..167fff1e 100644 +--- a/telnetd/termstat.c ++++ b/telnetd/termstat.c +@@ -306,7 +306,7 @@ localstat (void) + } + else if (lmodetype == REAL_LINEMODE) + { +- char data[7]; ++ char data[8]; + + send_do (TELOPT_LINEMODE, 1); + /* send along edit modes */ +@@ -314,9 +314,9 @@ localstat (void) + IAC, SB, TELOPT_LINEMODE, + LM_MODE, useeditmode, + IAC, SE); +- net_output_datalen (data, sizeof (data)); ++ net_output_datalen (data, strlen (data)); + DEBUG (debug_options, 1, +- printsub ('>', data + 2, sizeof (data) - 2)); ++ printsub ('>', data + 2, strlen (data) - 2)); + + editmode = useeditmode; + } +@@ -341,15 +341,15 @@ localstat (void) + /* + * Send along appropriate edit mode mask. + */ +- char data[7]; ++ char data[8]; + + sprintf (data, "%c%c%c%c%c%c%c", + IAC, SB, TELOPT_LINEMODE, + LM_MODE, useeditmode, + IAC, SE); +- net_output_datalen (data, sizeof (data)); ++ net_output_datalen (data, strlen (data)); + DEBUG (debug_options, 1, +- printsub ('>', data + 2, sizeof (data) - 2)); ++ printsub ('>', data + 2, strlen (data) - 2)); + + editmode = useeditmode; + } +@@ -393,7 +393,7 @@ flowstat (void) + { + if (his_state_is_will (TELOPT_LFLOW)) + { +- char data[6]; ++ char data[7]; + + if (tty_flowmode () != flowmode) + { +@@ -402,9 +402,9 @@ flowstat (void) + IAC, SB, TELOPT_LFLOW, + flowmode ? LFLOW_ON : LFLOW_OFF, + IAC, SE); +- net_output_datalen (data, sizeof (data)); ++ net_output_datalen (data, strlen (data)); + DEBUG (debug_options, 1, +- printsub ('>', data + 2, sizeof (data) - 2)); ++ printsub ('>', data + 2, strlen (data) - 2)); + } + if (tty_restartany () != restartany) + { +@@ -413,9 +413,9 @@ flowstat (void) + IAC, SB, TELOPT_LFLOW, + restartany ? LFLOW_RESTART_ANY : LFLOW_RESTART_XON, + IAC, SE); +- net_output_datalen (data, sizeof (data)); ++ net_output_datalen (data, strlen (data)); + DEBUG (debug_options, 1, +- printsub ('>', data + 2, sizeof (data) - 2)); ++ printsub ('>', data + 2, strlen (data) - 2)); + } + } + } +@@ -478,7 +478,7 @@ clientstat (register int code, register int parm1, register int parm2) + if (lmodetype == REAL_LINEMODE && uselinemode) + if (uselinemode) + { +- char data[7]; ++ char data[8]; + + useeditmode = 0; + if (tty_isediting ()) +@@ -494,9 +494,9 @@ clientstat (register int code, register int parm1, register int parm2) + IAC, SB, TELOPT_LINEMODE, + LM_MODE, useeditmode, + IAC, SE); +- net_output_datalen (data, sizeof (data)); ++ net_output_datalen (data, strlen (data)); + DEBUG (debug_options, 1, +- printsub ('>', data + 2, sizeof (data) - 2)); ++ printsub ('>', data + 2, strlen (data) - 2)); + + editmode = useeditmode; + } +@@ -555,15 +555,15 @@ clientstat (register int code, register int parm1, register int parm2) + + if (!ack) + { +- char data[7]; ++ char data[8]; + + sprintf (data, "%c%c%c%c%c%c%c", + IAC, SB, TELOPT_LINEMODE, + LM_MODE, useeditmode | MODE_ACK, + IAC, SE); +- net_output_datalen (data, sizeof (data)); ++ net_output_datalen (data, strlen (data)); + DEBUG (debug_options, 1, +- printsub ('>', data + 2, sizeof (data) - 2)); ++ printsub ('>', data + 2, strlen (data) - 2)); + } + + editmode = useeditmode; +-- +2.13.2 + @@ -6,7 +6,7 @@ set -u _pkgname='inetutils' pkgname="${_pkgname}-git" -pkgver=1.9.4.r25.g3d64a8c7 +pkgver=1.9.4.r38.g91960071 pkgrel=1 _srcdir="${_pkgname}" pkgdesc='A collection of common network programs' @@ -24,8 +24,9 @@ options=('!emptydirs' '!strip') install="${_pkgname}.install" _verwatch=('http://ftp.gnu.org/gnu/inetutils/' 'inetutils-\([0-9\.]\+\)\.tar\.gz' 'l') source=( - "git://git.savannah.gnu.org/${_pkgname}.git#commit=3d64a8c7280e7d218c4b607aa25352be1d6c4ded" + "git://git.savannah.gnu.org/${_pkgname}.git" #commit=3d64a8c7280e7d218c4b607aa25352be1d6c4ded" 'git://git.sv.gnu.org/gnulib' + '0001-telnetd-Fix-buffer-overflows.patch' ) # This link must be the same as the one in bootstrap _archlink="@@@::https://projects.archlinux.org/svntogit/packages.git/plain/trunk/@@@?h=packages/${_pkgname}" _archsource=( @@ -41,6 +42,7 @@ done unset _src _archlink sha256sums=('SKIP' 'SKIP' + '1eacb0bdb4496f12e7a0593278aa4ae1eadf271a263bf27285acb1c03015c4de' 'f1b9b4e57f484070366444a649f1be151d01d5bc965b9b192c242e4b7cc4beeb' '428367b148033c7fa865e92bdd73b06cb58e6909488649adebf8d2253a022f1f' '6112bcdb595937a8c7940dc158a97fd48b8cce6526a9fb017f347f614b9d6548' @@ -68,11 +70,14 @@ pkgver() { prepare() { set -u cd "${_srcdir}" - ln -sf '../gnulib' + ln -s '../gnulib' # telnetd disconnects without banner on 90% of connections # http://lists.gnu.org/archive/html/bug-inetutils/2015-07/msg00006.html # http://lists.gnu.org/archive/html/bug-inetutils/2015-08/index.html - sed -i -e 's:if (pty_read () <= 0):if (pty_read () < 0):g' 'telnetd/telnetd.c' + sed -e 's:if (pty_read () <= 0):if (pty_read () < 0):g' -i 'telnetd/telnetd.c' + + # http://lists.gnu.org/archive/html/bug-inetutils/2017-07/msg00005.html + patch -Nbup1 < '../0001-telnetd-Fix-buffer-overflows.patch' set +u } @@ -99,7 +104,7 @@ _configure() { --disable-logger --disable-syslogd \ --disable-inetd --disable-whois \ --disable-uucpd --disable-ifconfig --disable-traceroute - sed -i -e '/INSTALL_STRIP_PROGRAM/ s: -s::g' 'Makefile' + sed -e '/INSTALL_STRIP_PROGRAM/ s: -s::g' -i 'Makefile' fi cd "${srcdir}" set +u |