Commit Graph

35 Commits

Author SHA1 Message Date
Kris Kennaway
a2a887b56a output_data(), output_datalen() and netflush() didn't actually guarantee
to do what they are supposed to: under some circumstances output data would
be truncated, or the buffer would not actually be flushed (possibly leading
to overflows when the caller assumes the operation succeeded).  Change the
semantics so that these functions ensure they complete the operation before
returning.

Comment out diagnostic code enabled by '-D reports' which causes an
infinite recursion and an eventual crash.

Patch developed with assistance from ru and assar.
2001-07-23 21:52:26 +00:00
Ruslan Ermilov
40e7fc1a20 More potential buffer overflow fixes.
o Fixed `nfrontp' calculations in output_data().  If `remaining' is
  initially zero, it was possible for `nfrontp' to be decremented.

Noticed by:	dillon

o Replaced leaking writenet() with output_datalen():

:  * writenet
:  *
:  * Just a handy little function to write a bit of raw data to the net.
:  * It will force a transmit of the buffer if necessary
:  *
:  * arguments
:  *    ptr - A pointer to a character string to write
:  *    len - How many bytes to write
:  */
: 	void
: writenet(ptr, len)
: 	register unsigned char *ptr;
: 	register int len;
: {
: 	/* flush buffer if no room for new data) */
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: 	if ((&netobuf[BUFSIZ] - nfrontp) < len) {
: 		/* if this fails, don't worry, buffer is a little big */
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: 		netflush();
: 	}
:
: 	memmove(nfrontp, ptr, len);
: 	nfrontp += len;
:
: }  /* end of writenet */

What an irony!  :-)

o Optimized output_datalen() a bit.
2001-07-20 12:02:30 +00:00
Ruslan Ermilov
1ee47d0673 vsnprintf() can return a value larger than the buffer size.
Submitted by:	assar
Obtained from:	OpenBSD
2001-07-19 18:58:31 +00:00
Ruslan Ermilov
5f10368c1d Fixed the exploitable remote buffer overflow.
Reported on:	bugtraq
Obtained from:	Heimdal, NetBSD
Reviewed by:	obrien, imp
2001-07-19 17:48:57 +00:00
Ruslan Ermilov
63919764c2 mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 10:42:19 +00:00
Jeroen Ruigrok van der Werven
2b081e30cf Synch: Add $FreeBSD$. 2001-02-07 21:58:16 +00:00
Jeroen Ruigrok van der Werven
9a01d32bfd Fix typo: seperate -> separate.
Seperate does not exist in the english language.

Submitted to look at by:	kris
2001-02-06 10:39:38 +00:00
Jeroen Ruigrok van der Werven
2cdd9c0332 Fix typo: wierd -> weird.
There is no such thing as wierd in the english language.
2001-02-06 09:32:26 +00:00
Ruslan Ermilov
f78fa00345 mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 17:12:45 +00:00
Ruslan Ermilov
72c60cff38 Prepare for mdoc(7)NG. 2001-01-10 16:51:28 +00:00
Assar Westerlund
ba688fa510 (scrub_env): change to only accept a listed set of variables,
including only non-filename contents for TERMCAP
2000-12-10 20:50:20 +00:00
Jeroen Ruigrok van der Werven
acd1c3499e Add more environment variables to be filtered through scrub_env().
Synched from normal telnet.
2000-11-30 13:14:54 +00:00
Jeroen Ruigrok van der Werven
d904cf9f8e String paranoia fix. Synched from normal telnet. 2000-11-30 13:10:01 +00:00
Jeroen Ruigrok van der Werven
7e8f2fef03 String paranoia. Merged from regular telnet. 2000-11-30 10:55:25 +00:00
Kris Kennaway
f6fd83ed27 Correct definition of MAXHOSTNAMELEN in ifdef'ed code.
Submitted by:	Edwin Groothuis <mavetju@chello.nl>
PR:		bin/22787
2000-11-26 21:37:51 +00:00
Ruslan Ermilov
e97407b4f2 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 20:10:44 +00:00
Ruslan Ermilov
726b61ab5f Avoid use of direct troff requests in mdoc(7) manual pages. 2000-11-10 17:46:15 +00:00
Peter Wemm
ecece7e319 Add missing $FreeBSD$ to files that are NOT still on vendor a branch. 2000-07-16 05:48:49 +00:00
Mark Murray
228c5a5af7 Freefall/Internat diff reducer. 2000-02-24 10:37:29 +00:00
Yoshinobu Inoue
4dd8b5ab79 another tcp apps IPv6 updates.(should be make world safe)
ftp, telnet, ftpd, faithd
  also telnet related sync with crypto, secure, kerberosIV

Obtained from: KAME project
2000-01-27 09:28:38 +00:00
Peter Wemm
97d92980a9 $Id$ -> $FreeBSD$ 1999-08-28 01:35:59 +00:00
Nick Sayer
610fe6066a According to Mark Murray, Makefiles do not belong here. I guess we're
going to have to figure something else out.
1999-08-16 18:59:05 +00:00
Nick Sayer
0f8c8396c5 Add SRA authentication to src/crypto/telnet.
SRA does a Diffie-Hellmen exchange and then DES-encrypts the
authentication data. If the authentication is successful, it also
sets up a session key for DES encryption.

SRA was originally developed at Texas A&M University.

This code is probably export restricted (despite the fact that I
originally found it at a University in Germany).

SRA is not perfect. It is vulnerable to monkey-in-the-middle attacks
and does not use tremendously large DH constants (and thus an individual
exchange probably could be factored in a few days on modern CPU
horsepower). It does not, however, require any changes in user or
administrative behavior and foils session hijacking and sniffing.
The goal of this commit is that telnet and telnetd end up in the DES
distribution and that therefore an encrypted session telnet becomes
standard issue for FreeBSD.
1999-08-16 11:24:29 +00:00
Brian Somers
4560ea546c MF libexec/telnetd: Determine the host name using an array size of
MAXHOSTNAMELEN and call trimdomain() before implementing
                    the -u option.
1999-04-08 21:39:34 +00:00
Brian Somers
22e99a4288 MF libexec/telnetd: MAXHOSTNAMELEN & -u fixes. 1999-04-07 10:17:24 +00:00
Brian Somers
9c5cc7136c Use realhostname(). 1999-04-06 23:35:21 +00:00
Brian Somers
3bfc6c798d MF src/libexec/telnetd: Verify the reverse DNS lookup
ala rlogind.
Suggested by: markm
1999-04-06 12:41:27 +00:00
Peter Wemm
8d0a3d19f7 Old stuff laying around: Don't use getstr which can conflict with some
curses/termcap/terminfo implementations and causes recursion.
1998-12-16 06:06:06 +00:00
Peter Wemm
3f0340f838 Old stuff from a source tree: copy (verbatum) the code to expand the
%s/%m in the default /etc/gettytab.
1998-12-16 06:01:33 +00:00
Gary Palmer
f58619de89 Remove redundant decl. of time(). Causes problems on alpha 1998-09-01 15:17:28 +00:00
Warner Losh
d82dcd5eaf MFC: sprintf paranoia 1998-01-22 00:04:57 +00:00
Philippe Charnier
81e04eaec0 MFC: no \n in syslog strings. Change -P to -p in flags. EOF -> -1. Use err(3). 1997-12-08 07:41:13 +00:00
Frank Durda IV
bf7bcc34e1 PR: bin/771 and bin/1037 are resolved by this change
This change changes the default handling of linemode so that older and/or
stupider telnet clients can still get wakeup characters like <ESC> and
<CTRL>D to work correctly multiple times on the same line, as in csh
"set filec" operations.   It also causes CR and LF characters to be read by
apps in certain terminal modes consistently, as opposed to returning
CR sometimes and LF sometimes, which broke existing apps.  The change
was shown to fix the problem demonstrated in the FreeBSD telnet client,
along with the telnet client in Solaris, SCO, Windows '95 & NT, DEC OSF,
NCSA, and others.

A similar change was incorporated in the non-crypto version of telnetd.

This resolves bin/771 and bin/1037.
1997-10-08 03:14:34 +00:00
Mark Murray
04c426cce3 Bring the FreeBSD changes to the virgin sources. 1997-09-07 07:02:53 +00:00
Mark Murray
81cb6ddccd Initial import of BSD telnet. This will be used to build the kerberised
telnet, and after userland diffs have been merged in, will be used to
build the non-kerberised sources as well. (See unifdef(1) for details)
1997-09-04 06:11:16 +00:00