inetutils: avoid buffer overflow, infinite loop. bump PKGREVISION.

4 files changed, 52 insertions, 3 deletions

diff --git a/net/inetutils/Makefile b/net/inetutils/Makefile
index 260327c8c93..73a91e196a9 100644
--- a/net/inetutils/Makefile
+++ b/net/inetutils/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.3 2017/09/08 09:45:12 adam Exp $
+# $NetBSD: Makefile,v 1.4 2018/12/13 05:34:38 maya Exp $
 
 DISTNAME=	inetutils-1.9.4
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	net
 MASTER_SITES=	${MASTER_SITE_GNU:=inetutils/}
 EXTRACT_SUFX=	.tar.xz
diff --git a/net/inetutils/distinfo b/net/inetutils/distinfo
index 787e7ab16a4..c4bc81cdc31 100644
--- a/net/inetutils/distinfo
+++ b/net/inetutils/distinfo
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.1 2017/07/07 04:03:06 adam Exp $
+$NetBSD: distinfo,v 1.2 2018/12/13 05:34:38 maya Exp $
 
 SHA1 (inetutils-1.9.4.tar.xz) = 5e515cc9da142cb73bb1beda137b4c2dcf2b528c
 RMD160 (inetutils-1.9.4.tar.xz) = 0c144d9ac0b5c07beca1e634fc5b2c5bae15917d
 SHA512 (inetutils-1.9.4.tar.xz) = 020d1cab6659da63b26445b29820ad6769b8cf992496bece3dcbfba73804e29cc5c496d59f36046d432f9cc7fadefa3170f6d8faa855e59435aff4ecef724e66
 Size (inetutils-1.9.4.tar.xz) = 1364408 bytes
+SHA1 (patch-telnet_telnet.c) = a3fe07b5d00bae8d9a9f69d0c2996d88e84c8cd9
+SHA1 (patch-telnet_utilities.c) = ddd301b000d73eff9da8ded700ee374aa0798c12
diff --git a/net/inetutils/patches/patch-telnet_telnet.c b/net/inetutils/patches/patch-telnet_telnet.c
new file mode 100644
index 00000000000..1e02b5a1bdd
--- /dev/null
+++ b/net/inetutils/patches/patch-telnet_telnet.c
@@ -0,0 +1,33 @@
+$NetBSD: patch-telnet_telnet.c,v 1.1 2018/12/13 05:34:38 maya Exp $
+
+Avoid easy buffer overflow.
+
+--- telnet/telnet.c.orig	2015-03-31 15:40:50.000000000 +0000
++++ telnet/telnet.c
+@@ -861,7 +861,7 @@ suboption (void)
+ 	  len = strlen (name) + 4 + 2;
+ 	  if (len < NETROOM ())
+ 	    {
+-	      sprintf ((char *) temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE,
++	      snprintf ((char *) temp, sizeof(temp), "%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE,
+ 		       TELQUAL_IS, name, IAC, SE);
+ 	      ring_supply_data (&netoring, temp, len);
+ 	      printsub ('>', &temp[2], len - 2);
+@@ -885,7 +885,7 @@ suboption (void)
+ 
+ 	  TerminalSpeeds (&ispeed, &ospeed);
+ 
+-	  sprintf ((char *) temp, "%c%c%c%c%d,%d%c%c", IAC, SB, TELOPT_TSPEED,
++	  snprintf ((char *) temp, sizeof(temp), "%c%c%c%c%d,%d%c%c", IAC, SB, TELOPT_TSPEED,
+ 		   TELQUAL_IS, (int) ospeed, (int) ispeed, IAC, SE);
+ 	  len = strlen ((char *) temp + 4) + 4;	/* temp[3] is 0 ... */
+ 
+@@ -999,7 +999,7 @@ suboption (void)
+ 	      send_wont (TELOPT_XDISPLOC, 1);
+ 	      break;
+ 	    }
+-	  sprintf ((char *) temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_XDISPLOC,
++	  snprintf ((char *) temp, sizeof(temp), "%c%c%c%c%s%c%c", IAC, SB, TELOPT_XDISPLOC,
+ 		   TELQUAL_IS, dp, IAC, SE);
+ 	  len = strlen ((char *) temp + 4) + 4;	/* temp[3] is 0 ... */
+ 
diff --git a/net/inetutils/patches/patch-telnet_utilities.c b/net/inetutils/patches/patch-telnet_utilities.c
new file mode 100644
index 00000000000..8637c5e9fc5
--- /dev/null
+++ b/net/inetutils/patches/patch-telnet_utilities.c
@@ -0,0 +1,14 @@
+$NetBSD: patch-telnet_utilities.c,v 1.1 2018/12/13 05:34:38 maya Exp $
+
+Avoid infinite loop. This is an error exit.
+
+--- telnet/utilities.c.orig	2015-03-31 15:40:50.000000000 +0000
++++ telnet/utilities.c
+@@ -1062,7 +1062,6 @@ Exit (int returnCode)
+ void
+ ExitString (char *string, int returnCode)
+ {
+-  SetForExit ();
+   fwrite (string, 1, strlen (string), stderr);
+   exit (returnCode);
+ }