Various buffer overrun fixes and other security enhancements.
Obtained from: PST's fixes to the non-secure telnet{d}
This commit is contained in:
Mark Murray
parent
424b33477f
commit
15f2609585
@ -1667,6 +1667,7 @@ start_login(host, autologin, name)
|
||||
if (auth_level >= 0 && autologin == AUTH_VALID) {
|
||||
# if !defined(NO_LOGIN_F)
|
||||
argv = addarg(argv, "-f");
|
||||
argv = addarg(argv, "--");
|
||||
argv = addarg(argv, name);
|
||||
# else
|
||||
# if defined(LOGIN_R)
|
||||
@ -1739,17 +1740,14 @@ start_login(host, autologin, name)
|
||||
pty = xpty;
|
||||
}
|
||||
# else
|
||||
argv = addarg(argv, "--");
|
||||
argv = addarg(argv, name);
|
||||
# endif
|
||||
# endif
|
||||
} else
|
||||
#endif
|
||||
if ((user = getenv("USER"))) {
|
||||
if (strchr(user, '-')) {
|
||||
syslog(LOG_ERR, "tried to pass user \"%s\" to login",
|
||||
user);
|
||||
fatal(net, "invalid user");
|
||||
}
|
||||
if (getenv("USER")) {
|
||||
argv = addarg(argv, "--");
|
||||
argv = addarg(argv, getenv("USER"));
|
||||
#if defined(LOGIN_ARGS) && defined(NO_LOGIN_P)
|
||||
{
|
||||
|
||||
@ -713,12 +713,14 @@ getterminaltype(name)
|
||||
* we have to just go with what we (might) have already gotten.
|
||||
*/
|
||||
if (his_state_is_will(TELOPT_TTYPE) && !terminaltypeok(terminaltype)) {
|
||||
(void) strncpy(first, terminaltype, sizeof(first));
|
||||
(void) strncpy(first, terminaltype, sizeof(first)-1);
|
||||
first[sizeof(first)-1] = '\0';
|
||||
for(;;) {
|
||||
/*
|
||||
* Save the unknown name, and request the next name.
|
||||
*/
|
||||
(void) strncpy(last, terminaltype, sizeof(last));
|
||||
(void) strncpy(last, terminaltype, sizeof(last)-1);
|
||||
last[sizeof(last)-1] = '\0';
|
||||
_gettermname();
|
||||
if (terminaltypeok(terminaltype))
|
||||
break;
|
||||
@ -736,8 +738,10 @@ getterminaltype(name)
|
||||
* the start of the list.
|
||||
*/
|
||||
_gettermname();
|
||||
if (strncmp(first, terminaltype, sizeof(first)) != 0)
|
||||
(void) strncpy(terminaltype, first, sizeof(first));
|
||||
if (strncmp(first, terminaltype, sizeof(first)) != 0) {
|
||||
(void) strncpy(terminaltype, first, sizeof(terminaltype)-1);
|
||||
terminaltype[sizeof(terminaltype)-1] = '\0';
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
@ -103,6 +103,7 @@ stilloob(s)
|
||||
do {
|
||||
FD_ZERO(&excepts);
|
||||
FD_SET(s, &excepts);
|
||||
memset((char *)&timeout, 0, sizeof timeout);
|
||||
value = select(s+1, (fd_set *)0, (fd_set *)0, &excepts, &timeout);
|
||||
} while ((value == -1) && (errno == EINTR));
|
||||
|
||||
|
||||
@ -40,7 +40,7 @@ SRCS= authenc.c commands.c main.c network.c ring.c sys_bsd.c telnet.c \
|
||||
terminal.c tn3270.c utilities.c
|
||||
|
||||
CFLAGS+=-DTERMCAP -DKLUDGELINEMODE -DUSE_TERMIO -DENV_HACK -DENCRYPTION
|
||||
CFLAGS+=-I${.CURDIR}/../../lib
|
||||
CFLAGS+=-DSKEY -I${.CURDIR}/../../lib
|
||||
LDADD+= -L${TELNETOBJDIR} -ltermcap -ltelnet
|
||||
DPADD+= ${TELNETOBJDIR}/libtelnet.a ${LIBTERMCAP}
|
||||
|
||||
|
||||
@ -120,6 +120,37 @@ static char saveline[256];
|
||||
static int margc;
|
||||
static char *margv[20];
|
||||
|
||||
#if defined(SKEY)
|
||||
#include <sys/wait.h>
|
||||
#define PATH_SKEY "/usr/bin/key"
|
||||
int
|
||||
skey_calc(argc, argv)
|
||||
int argc;
|
||||
char **argv;
|
||||
{
|
||||
int status;
|
||||
|
||||
if(argc != 3) {
|
||||
printf("%s sequence challenge\n", argv[0]);
|
||||
return;
|
||||
}
|
||||
|
||||
switch(fork()) {
|
||||
case 0:
|
||||
execv(PATH_SKEY, argv);
|
||||
exit (1);
|
||||
case -1:
|
||||
perror("fork");
|
||||
break;
|
||||
default:
|
||||
(void) wait(&status);
|
||||
if (WIFEXITED(status))
|
||||
return (WEXITSTATUS(status));
|
||||
return (0);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
static void
|
||||
makeargv()
|
||||
{
|
||||
@ -511,7 +542,7 @@ togdebug()
|
||||
}
|
||||
#else /* NOT43 */
|
||||
if (debug) {
|
||||
if (net > 0 && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 0, 0) < 0)
|
||||
if (net > 0 && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 1) < 0)
|
||||
perror("setsockopt (SO_DEBUG)");
|
||||
} else
|
||||
printf("Cannot turn off socket debugging\n");
|
||||
@ -2330,10 +2361,15 @@ tn(argc, argv)
|
||||
} else {
|
||||
#endif
|
||||
temp = inet_addr(hostp);
|
||||
if (temp != (unsigned long) -1) {
|
||||
sin.sin_addr.s_addr = temp;
|
||||
sin.sin_family = AF_INET;
|
||||
(void) strcpy(_hostname, hostp);
|
||||
if (temp != INADDR_NONE) {
|
||||
sin.sin_addr.s_addr = temp;
|
||||
sin.sin_family = AF_INET;
|
||||
host = gethostbyaddr((char *)&temp, sizeof(temp), AF_INET);
|
||||
if (host)
|
||||
(void) strncpy(_hostname, host->h_name, sizeof(_hostname));
|
||||
else
|
||||
(void) strncpy(_hostname, hostp, sizeof(_hostname));
|
||||
_hostname[sizeof(_hostname)-1] = '\0';
|
||||
hostname = _hostname;
|
||||
} else {
|
||||
host = gethostbyname(hostp);
|
||||
@ -2500,6 +2536,9 @@ static char
|
||||
#if defined(unix)
|
||||
zhelp[] = "suspend telnet",
|
||||
#endif /* defined(unix) */
|
||||
#if defined(SKEY)
|
||||
skeyhelp[] = "compute response to s/key challenge",
|
||||
#endif
|
||||
shellhelp[] = "invoke a subshell",
|
||||
envhelp[] = "change environment variables ('environ ?' for more)",
|
||||
modestring[] = "try to enter line or character mode ('mode ?' for more)";
|
||||
@ -2536,6 +2575,9 @@ static Command cmdtab[] = {
|
||||
#endif
|
||||
{ "environ", envhelp, env_cmd, 0 },
|
||||
{ "?", helphelp, help, 0 },
|
||||
#if defined(SKEY)
|
||||
{ "skey", skeyhelp, skey_calc, 0 },
|
||||
#endif
|
||||
{ 0, 0, 0, 0 }
|
||||
};
|
||||
|
||||
@ -2721,7 +2763,7 @@ cmdrc(m1, m2)
|
||||
|
||||
if (rcname == 0) {
|
||||
rcname = getenv("HOME");
|
||||
if (rcname)
|
||||
if (rcname && (strlen(rcname) + 10) < sizeof(rcbuf))
|
||||
strcpy(rcbuf, rcname);
|
||||
else
|
||||
rcbuf[0] = '\0';
|
||||
|
||||
@ -145,7 +145,8 @@ extern int
|
||||
#endif /* defined(TN3270) */
|
||||
termdata, /* Print out terminal data flow */
|
||||
#endif /* defined(unix) */
|
||||
debug; /* Debug level */
|
||||
debug, /* Debug level */
|
||||
clienteof; /* Client received EOF */
|
||||
|
||||
extern cc_t escape; /* Escape to command mode */
|
||||
extern cc_t rlogin; /* Rlogin mode escape character */
|
||||
|
||||
@ -1052,7 +1052,7 @@ process_rings(netin, netout, netex, ttyin, ttyout, poll)
|
||||
}
|
||||
# endif /* defined(TN3270) */
|
||||
/* I don't like this, does it ever happen? */
|
||||
printf("sleep(5) from telnet, after select\r\n");
|
||||
printf("sleep(5) from telnet, after select: %s\r\n", strerror(errno));
|
||||
sleep(5);
|
||||
}
|
||||
return 0;
|
||||
|
||||
@ -115,7 +115,8 @@ int
|
||||
donelclchars, /* the user has set "localchars" */
|
||||
donebinarytoggle, /* the user has put us in binary */
|
||||
dontlecho, /* do we suppress local echoing right now? */
|
||||
globalmode;
|
||||
globalmode,
|
||||
clienteof = 0;
|
||||
|
||||
char *prompt = 0;
|
||||
|
||||
@ -2195,9 +2196,9 @@ Scheduler(block)
|
||||
ttyout = ring_full_count(&ttyoring);
|
||||
|
||||
#if defined(TN3270)
|
||||
ttyin = ring_empty_count(&ttyiring) && (shell_active == 0);
|
||||
ttyin = ring_empty_count(&ttyiring) && (clienteof == 0) && (shell_active == 0);
|
||||
#else /* defined(TN3270) */
|
||||
ttyin = ring_empty_count(&ttyiring);
|
||||
ttyin = ring_empty_count(&ttyiring) && (clienteof == 0);
|
||||
#endif /* defined(TN3270) */
|
||||
|
||||
#if defined(TN3270)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user