Commit Graph

75 Commits

Author SHA1 Message Date
Kris Kennaway
a2a887b56a output_data(), output_datalen() and netflush() didn't actually guarantee
to do what they are supposed to: under some circumstances output data would
be truncated, or the buffer would not actually be flushed (possibly leading
to overflows when the caller assumes the operation succeeded).  Change the
semantics so that these functions ensure they complete the operation before
returning.

Comment out diagnostic code enabled by '-D reports' which causes an
infinite recursion and an eventual crash.

Patch developed with assistance from ru and assar.
2001-07-23 21:52:26 +00:00
Ruslan Ermilov
40e7fc1a20 More potential buffer overflow fixes.
o Fixed `nfrontp' calculations in output_data().  If `remaining' is
  initially zero, it was possible for `nfrontp' to be decremented.

Noticed by:	dillon

o Replaced leaking writenet() with output_datalen():

:  * writenet
:  *
:  * Just a handy little function to write a bit of raw data to the net.
:  * It will force a transmit of the buffer if necessary
:  *
:  * arguments
:  *    ptr - A pointer to a character string to write
:  *    len - How many bytes to write
:  */
: 	void
: writenet(ptr, len)
: 	register unsigned char *ptr;
: 	register int len;
: {
: 	/* flush buffer if no room for new data) */
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: 	if ((&netobuf[BUFSIZ] - nfrontp) < len) {
: 		/* if this fails, don't worry, buffer is a little big */
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: 		netflush();
: 	}
:
: 	memmove(nfrontp, ptr, len);
: 	nfrontp += len;
:
: }  /* end of writenet */

What an irony!  :-)

o Optimized output_datalen() a bit.
2001-07-20 12:02:30 +00:00
Ruslan Ermilov
1ee47d0673 vsnprintf() can return a value larger than the buffer size.
Submitted by:	assar
Obtained from:	OpenBSD
2001-07-19 18:58:31 +00:00
Ruslan Ermilov
5f10368c1d Fixed the exploitable remote buffer overflow.
Reported on:	bugtraq
Obtained from:	Heimdal, NetBSD
Reviewed by:	obrien, imp
2001-07-19 17:48:57 +00:00
Ruslan Ermilov
63919764c2 mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 10:42:19 +00:00
Ruslan Ermilov
df1cda58e4 mdoc(7) police: merge all fixes from non-crypto version. 2001-07-05 14:08:12 +00:00
Ruslan Ermilov
a5493c1b77 MF non-crypto: 1.13: document -u in usage. 2001-07-05 14:06:27 +00:00
Matthew Dillon
7a2254dcf0 Oops, forgot the 'u' in the getopt for the previous commit. 2001-05-24 00:14:19 +00:00
Matthew Dillon
e5c23e887b A feature to allow one to telnet to a unix domain socket. (MFC from
non-crypto version)

Also update the crypto telnet's man page to reflect other options
ported from the non-crypto version.

Obtained from:   Lyndon Nerenberg <lyndon@orthanc.ab.ca>
2001-05-23 22:54:07 +00:00
Nick Sayer
9286fd701f Make the PAM user-override actually override the correect thing. 2001-05-17 16:28:11 +00:00
Peter Wemm
64867478d8 Back out last commit. This was already fixed. This should never have
happened, this is why we have commit mail expressly delivered to
committers.
2001-05-17 03:14:42 +00:00
Peter Wemm
d48d5be0d0 Fix the latest telnet breakage. Obviously this was never compiled. 2001-05-17 03:13:00 +00:00
Nick Sayer
1848e3d448 Since the root-on-insecure-tty code was added to telnetd, a dependency
on char *line was added to libtelnet. Put a dummy one in to keep the
linker happy.
2001-05-16 20:34:42 +00:00
Nick Sayer
166b3cb9a0 Make sure the protocol actively rejects bad data rather than
(potentially) not responding to an invalid SRA 'auth is' message.
2001-05-16 20:24:58 +00:00
Nick Sayer
8183ac8f53 srandomdev() affords us the opportunity to radically improve, and at the
same time simplify, the random number selection code.
2001-05-16 18:32:46 +00:00
Nick Sayer
60f581768d Catch any attempted buffer overflows. The magic numbers in this code
(512) are a little distressing, but the method really needs to be
extended to allow server-supplied DH parameters anyway.

Submitted by:	kris
2001-05-16 18:27:09 +00:00
Nick Sayer
e7157113a9 Catch malloc return failures. This should help avoid dereferencing NULL on
low-memory situations.

Submitted by:	kris
2001-05-16 18:17:55 +00:00
Peter Wemm
cd189e1195 Hack to work around braindeath in libtelnet:sra.c. The sra.o file
references global variables from telnetd, but is also linked into
telnet as well. I was tempted to back out the last sra.c change
as it is 100% bogus and should be taken out and shot, but for now
this bandaid should get world working again. :-(
2001-05-15 09:52:03 +00:00
Nick Sayer
c7be24c970 If the uid of the attempted authentication is 0 and if the pty is
insecure, do not succeed. Copied from login.c. This functionality really
should be a PAM module.
2001-05-15 04:47:14 +00:00
Nick Sayer
053c5b3a9e Pointy hat fix -- reapply the SRA PAM patch. To -current this time. 2001-05-07 20:42:02 +00:00
Ruslan Ermilov
566f5a4859 mdoc(7) police: removed hard sentence breaks introduced in rev.1.10. 2001-04-13 08:49:52 +00:00
Nick Sayer
036790848a Clean up telnet's argument processing a bit. autologin and encryption is
now the default, so ignore the arguments that turn it on. Add a new -y
argument to turn off encryption in case someone wants to do that. Sync
these changes with the man page (including removing the now obsolete
statement about availability only in the US and Canada).
2001-04-06 15:56:10 +00:00
Nick Sayer
6a1fe28e41 Reactivate SRA.
Make handling of SIGINT and SIGQUIT follow SIGTSTP in TerminalNewMode().
This allows people to break out of SRA authentication if they wish to.
2001-04-05 14:09:15 +00:00
Nick Sayer
989efc86f5 Fix core noted in -stable with 'auth disable SRA'.
I just mistakenly commited this to RELENG_4. I have contacted Jordan to see
about how to fix this. Pass the pointy hat.
2001-03-18 09:44:25 +00:00
Assar Westerlund
bb330cd01e enable auto-negotiation of encrypt and decrypt 2001-03-12 03:54:48 +00:00
Jeroen Ruigrok van der Werven
2b081e30cf Synch: Add $FreeBSD$. 2001-02-07 21:58:16 +00:00
Jeroen Ruigrok van der Werven
2fa72ea7d4 Fix typo: compatability -> compatibility.
Compatability is not an existing english word.
2001-02-06 12:05:58 +00:00
Jeroen Ruigrok van der Werven
9a01d32bfd Fix typo: seperate -> separate.
Seperate does not exist in the english language.

Submitted to look at by:	kris
2001-02-06 10:39:38 +00:00
Jeroen Ruigrok van der Werven
2cdd9c0332 Fix typo: wierd -> weird.
There is no such thing as wierd in the english language.
2001-02-06 09:32:26 +00:00
Ruslan Ermilov
f78fa00345 mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 17:12:45 +00:00
Ruslan Ermilov
72c60cff38 Prepare for mdoc(7)NG. 2001-01-10 16:51:28 +00:00
Assar Westerlund
ba688fa510 (scrub_env): change to only accept a listed set of variables,
including only non-filename contents for TERMCAP
2000-12-10 20:50:20 +00:00
Jeroen Ruigrok van der Werven
acd1c3499e Add more environment variables to be filtered through scrub_env().
Synched from normal telnet.
2000-11-30 13:14:54 +00:00
Jeroen Ruigrok van der Werven
d904cf9f8e String paranoia fix. Synched from normal telnet. 2000-11-30 13:10:01 +00:00
Jeroen Ruigrok van der Werven
7e8f2fef03 String paranoia. Merged from regular telnet. 2000-11-30 10:55:25 +00:00
Kris Kennaway
f6fd83ed27 Correct definition of MAXHOSTNAMELEN in ifdef'ed code.
Submitted by:	Edwin Groothuis <mavetju@chello.nl>
PR:		bin/22787
2000-11-26 21:37:51 +00:00
Ruslan Ermilov
e97407b4f2 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 20:10:44 +00:00
Kris Kennaway
f743d11975 Fix a buffer overflow from a long local hostname.
Obtained from:	OpenBSD
2000-11-19 10:08:26 +00:00
Ruslan Ermilov
726b61ab5f Avoid use of direct troff requests in mdoc(7) manual pages. 2000-11-10 17:46:15 +00:00
Kris Kennaway
579c78c7f6 Sync with usr.bin/telnet/telnet.c r1.9 - fix buffer overflow in DISPLAY 2000-10-29 00:10:14 +00:00
Hajimu UMEMOTO
c847fdb1f9 Fix buffer size of ALIGNed buffer.
PR:		bin/20053
Submitted by:	Alex Kapranoff <alex@kapran.bitmcnit.bryansk.su>
2000-07-20 14:54:04 +00:00
Peter Wemm
ecece7e319 Add missing $FreeBSD$ to files that are NOT still on vendor a branch. 2000-07-16 05:48:49 +00:00
Nick Sayer
67bf7a0ac8 Fix 'telnet -X sra' coredump
PR# 19835
2000-07-11 15:04:05 +00:00
Kris Kennaway
19a32101dd Don't call printf with no format string. 2000-07-10 05:16:59 +00:00
Hajimu UMEMOTO
1c60903414 Make telnet -s work. It is corresponding to EAI_NONAME -> EAI_NODATA
change (getaddrinfo.c rev 1.12).
2000-07-08 05:22:00 +00:00
Jun-ichiro itojun Hagino
7e154dad2e sync with usr.bin/telnet/commands.c 1.21 -> 1.22. pierre.dampure@alveley.org 2000-07-07 12:35:05 +00:00
Yoshinobu Inoue
46ad1c2366 CMSG_XXX macros alignment fixes to follow RFC2292.
Approved by: jkh
2000-03-03 12:50:46 +00:00
Mark Murray
bf4f84d44c Get crypto from libcrypto, not libdes. 2000-02-24 19:28:31 +00:00
Mark Murray
228c5a5af7 Freefall/Internat diff reducer. 2000-02-24 10:37:29 +00:00
Yoshinobu Inoue
81edae92ed Use static buffer to save source route hostnames.
Approved by: jkh
2000-02-19 16:33:14 +00:00