telnetd: fix two-byte input crash

Move initialization of the slc table earlier so it doesn't get accessed before that happens. For details on the issue, see: https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html Reviewed by: cy Obtained from: NetBSD via cy Differential Revision: https://reviews.freebsd.org/D36680
2022-09-26 18:56:51 +01:00 · 2022-09-26 18:56:51 +01:00 · 6914ffef4e
commit 6914ffef4e
parent b5b07c71e8
1 changed files with 5 additions and 5 deletions
--- a/contrib/telnet/telnetd/telnetd.c
+++ b/contrib/telnet/telnetd/telnetd.c
@ -658,6 +658,11 @@ doit(struct sockaddr *who)
 	int err_; /* XXX */
 	int ptynum;

+	/*
+	 * Initialize the slc mapping table.
+	 */
+	get_slc_defaults();
+
 	/*
 	 * Find an available pty to use.
 	 */
@ -741,11 +746,6 @@ telnet(int f, int p, char *host)
 	struct stat statbuf;
 	int nfd;

-	/*
-	 * Initialize the slc mapping table.
-	 */
-	get_slc_defaults();
-
 	/*
 	 * Do some tests where it is desireable to wait for a response.
 	 * Rather than doing them slowly, one at a time, do them all