From b0971fab49182a8ecdf39ddf90251abb281a1c3d Mon Sep 17 00:00:00 2001
From: maya
Date: Thu, 13 Dec 2018 05:34:38 +0000
Subject: inetutils: avoid buffer overflow, infinite loop. bump PKGREVISION.
---
 net/inetutils/Makefile | 4 ++--
 net/inetutils/distinfo | 4 +++-
 net/inetutils/patches/patch-telnet_telnet.c | 33 ++++++++++++++++++++++++++
 net/inetutils/patches/patch-telnet_utilities.c | 14 +++++++++++
 4 files changed, 52 insertions(+), 3 deletions(-)
 create mode 100644 net/inetutils/patches/patch-telnet_telnet.c
 create mode 100644 net/inetutils/patches/patch-telnet_utilities.c
(limited to 'net/inetutils')
diff --git a/net/inetutils/Makefile b/net/inetutils/Makefile
index 260327c8c93..73a91e196a9 100644
--- a/net/inetutils/Makefile
+++ b/net/inetutils/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.3 2017/09/08 09:45:12 adam Exp $
+# $NetBSD: Makefile,v 1.4 2018/12/13 05:34:38 maya Exp $
 DISTNAME= inetutils-1.9.4
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= net
 MASTER_SITES= ${MASTER_SITE_GNU:=inetutils/}
 EXTRACT_SUFX= .tar.xz
diff --git a/net/inetutils/distinfo b/net/inetutils/distinfo
index 787e7ab16a4..c4bc81cdc31 100644
--- a/net/inetutils/distinfo
+++ b/net/inetutils/distinfo
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.1 2017/07/07 04:03:06 adam Exp $
+$NetBSD: distinfo,v 1.2 2018/12/13 05:34:38 maya Exp $
 SHA1 (inetutils-1.9.4.tar.xz) = 5e515cc9da142cb73bb1beda137b4c2dcf2b528c
 RMD160 (inetutils-1.9.4.tar.xz) = 0c144d9ac0b5c07beca1e634fc5b2c5bae15917d
 SHA512 (inetutils-1.9.4.tar.xz) = 020d1cab6659da63b26445b29820ad6769b8cf992496bece3dcbfba73804e29cc5c496d59f36046d432f9cc7fadefa3170f6d8faa855e59435aff4ecef724e66
 Size (inetutils-1.9.4.tar.xz) = 1364408 bytes
+SHA1 (patch-telnet_telnet.c) = a3fe07b5d00bae8d9a9f69d0c2996d88e84c8cd9
+SHA1 (patch-telnet_utilities.c) = ddd301b000d73eff9da8ded700ee374aa0798c12
diff --git a/net/inetutils/patches/patch-telnet_telnet.c b/net/inetutils/patches/patch-telnet_telnet.c
new file mode 100644
index 00000000000..1e02b5a1bdd
--- /dev/null
+++ b/net/inetutils/patches/patch-telnet_telnet.c
@@ -0,0 +1,33 @@
+$NetBSD: patch-telnet_telnet.c,v 1.1 2018/12/13 05:34:38 maya Exp $
+
+Avoid easy buffer overflow.
+
+--- telnet/telnet.c.orig 2015-03-31 15:40:50.000000000 +0000
++++ telnet/telnet.c
+@@ -861,7 +861,7 @@ suboption (void)
+ len = strlen (name) + 4 + 2;
+ if (len < NETROOM ())
+ {
+- sprintf ((char *) temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE,
++ snprintf ((char *) temp, sizeof(temp), "%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE,
+ TELQUAL_IS, name, IAC, SE);
+ ring_supply_data (&netoring, temp, len);
+ printsub ('>', &temp[2], len - 2);
+@@ -885,7 +885,7 @@ suboption (void)
+
+ TerminalSpeeds (&ispeed, &ospeed);
+
+- sprintf ((char *) temp, "%c%c%c%c%d,%d%c%c", IAC, SB, TELOPT_TSPEED,
++ snprintf ((char *) temp, sizeof(temp), "%c%c%c%c%d,%d%c%c", IAC, SB, TELOPT_TSPEED,
+ TELQUAL_IS, (int) ospeed, (int) ispeed, IAC, SE);
+ len = strlen ((char *) temp + 4) + 4; /* temp[3] is 0 ... */
+
+@@ -999,7 +999,7 @@ suboption (void)
+ send_wont (TELOPT_XDISPLOC, 1);
+ break;
+ }
+- sprintf ((char *) temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_XDISPLOC,
++ snprintf ((char *) temp, sizeof(temp), "%c%c%c%c%s%c%c", IAC, SB, TELOPT_XDISPLOC,
+ TELQUAL_IS, dp, IAC, SE);
+ len = strlen ((char *) temp + 4) + 4; /* temp[3] is 0 ... */
+
diff --git a/net/inetutils/patches/patch-telnet_utilities.c b/net/inetutils/patches/patch-telnet_utilities.c
new file mode 100644
index 00000000000..8637c5e9fc5
--- /dev/null
+++ b/net/inetutils/patches/patch-telnet_utilities.c
@@ -0,0 +1,14 @@
+$NetBSD: patch-telnet_utilities.c,v 1.1 2018/12/13 05:34:38 maya Exp $
+
+Avoid infinite loop. This is an error exit.
+
+--- telnet/utilities.c.orig 2015-03-31 15:40:50.000000000 +0000
++++ telnet/utilities.c
+@@ -1062,7 +1062,6 @@ Exit (int returnCode)
+ void
+ ExitString (char *string, int returnCode)
+ {
+- SetForExit ();
+ fwrite (string, 1, strlen (string), stderr);
+ exit (returnCode);
+ }
-- cgit v1.2.3
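Review bot: The return value of `snprintf` is ignored at all three call sites in `suboption`, so truncation is silent, and in the `@@ -861` hunk `len` is still derived from `strlen (name)` and then passed to `ring_supply_data` and `printsub`. When `name` does not fit, the write is now bounded but the following read of `len` bytes would run past the end of `temp` and hand adjacent memory to the output ring; bounding the guard closes that, e.g. `if (len < NETROOM () && (size_t) len < sizeof (temp))`. In the `@@ -885` and `@@ -999` hunks a truncated buffer loses its trailing `IAC SE`, so testing the result with `if (n < 0 || (size_t) n >= sizeof (temp))` and declining the option would be safer than queuing a malformed suboption. The declaration of `temp` and the rest of `suboption` are outside the hunks, so this assumes `temp` is an array and `sizeof(temp)` is its full size rather than a pointer size.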
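Review bot: Removing `SetForExit ()` from `ExitString` drops whatever cleanup that function performs for every caller of `ExitString`, not only for the path that loops; its body is outside the hunk, but by its name it presumably restores terminal state and flushes pending output before the process exits. If the loop arises because `SetForExit` can reach `ExitString` again on a failed write, a re-entrancy guard would keep the cleanup on the first call, e.g. `static int exiting; if (!exiting++) SetForExit ();`. Once the cause is confirmed it belongs in a comment inside the function, such as `/* SetForExit () can call back into ExitString () on error; do not call it here. */`, because the patch header only says "Avoid infinite loop".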