Commit Graph

167 Commits

Author SHA1 Message Date
kevans
3d7d411366 telnet: kill off remaining duplicate definition 2020-03-28 20:43:15 +00:00
kevans
98434d648d Re-apply r359399: telnet -fno-common fix
line and auth_level's redefinitions are just extraneous

telnetd will #define extern and then include ext.h to allocate storage for
all of these extern'd vars; however, two of them are actually defined in
libtelnet instead. Instead of doing an #ifdef extern dance around those
function pointers, just add an EXTERN macro to make it easier to
differentiate by sight which ones will get allocated in globals.c and which
ones are defined elsewhere.

MFC after:	3 days
2020-03-28 19:43:45 +00:00
kevans
2532bfad1b Revert 359399: telnet -fno-common bits
There was a large misfire from my local diff that I need to investigate, and
this version committed did not build.
2020-03-28 17:57:36 +00:00
kevans
67bd655004 telnet: remove some duplicate definitions, mark terminaltype extern
Most of these were already properly declared and defined elsewhere, this is
effectively just a minor cleanup that fixes the -fno-common build.

-fno-common will become the default in GCC10/LLVM11.

MFC after:	3 days
2020-03-28 17:06:34 +00:00
cem
f136a5e916 libtelnet: Replace bogus use of srandomdev + random to generate "public key pair"
I'm pretty skeptical that any crypto in telnet is worth using, but if we're
ostensibly generating keys, arc4random is strictly better than the previous
construct.
2019-12-13 05:42:57 +00:00
emaste
f53c2107a8 telnet: remove 3rd clause from Berkeley copyrights
Per the July 22, 1999 letter (in /COPYRIGHT) from
William Hoskins
Director, Office of Technology Licensing
University of California, Berkeley

MFC after:	1 week
2019-08-15 13:27:57 +00:00
emaste
1a617d0e1b telnet: use asprintf for r349890 change
Suggested by:	imp
MFC after:	3 weeks
Sponsored by:	The FreeBSD Foundation
2019-08-01 13:46:04 +00:00
philip
cd47aa6c7f telnet: fix minor style violation
While here also fix a very unlikely NULL pointer dereference.

Submitted by:	Shawn Webb <shawn.webb@hardenedbsd.org>
2019-07-10 22:36:14 +00:00
philip
084f697eff telnet: fix a couple of snprintf() buffer overflows
Obtained from:	Juniper Networks
MFC after:	1 week
2019-07-10 17:42:04 +00:00
jkim
d847c947e3 Make telnet(1) buildable. 2018-09-19 07:01:22 +00:00
jkim
192af730df Revert r338774. Unrelated changes were committed with Apache Serf. 2018-09-19 06:56:37 +00:00
jkim
7cc69f42ae Update Apache Serf to 1.3.9 to make it buildable with OpenSSL 1.1.1. 2018-09-19 06:49:55 +00:00
cem
27f566329c telnetd(8): Fix dereference of uninitialized value 'IF'
Reported by:	Coverity
Sponsored by:	Dell EMC Isilon
2018-03-16 20:59:56 +00:00
stevek
55a2e79ea0 Fix memory leak in edithost
The problem is that when the parameter 'pat' is null, the function locally
allocates a NULL string but never frees it.

Instead of tracking the local alloc, it is noted that the while(*pat) never
enters when there is a local alloc.
So instead of doing the local alloc, check that 'pat' is null before the
while(*pat) loop.

Found using clang's static analyzer - scan-build

Submitted by:	Thomas Rix <trix@juniper.net>
Reviewed by:	markm
Approved by:	sjg (mentor)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D9689
2017-06-01 19:21:30 +00:00
glebius
9777ffde9a When telnetd(8) composes argument list for login(1), an unexpected sequence
of memory allocation failures combined with insufficient error checking
could result in the construction and execution of an argument sequence that
was not intended.

Fix that treating malloc(3) failures as fatal condition.

Submitted by:	brooks
Security:	FreeBSD-SA-16:36.telnetd
2016-12-06 18:50:22 +00:00
dim
3cbaf7b2f3 Fix warnings in telnet about invalid constant conversions, e.g.:
contrib/telnet/telnet/commands.c:2914:13: error: implicit conversion
from 'int' to 'char' changes value from 137 to -119
[-Werror,-Wconstant-conversion]
                *lsrp++ = IPOPT_SSRR;
                        ~ ^~~~~~~~~~
/usr/include/netinet/ip.h:152:21: note: expanded from macro 'IPOPT_SSRR'
#define IPOPT_SSRR              137             /* strict source route */
                                ^~~
contrib/telnet/telnet/commands.c:2916:13: error: implicit conversion
from 'int' to 'char' changes value from 131 to -125
[-Werror,-Wconstant-conversion]
                *lsrp++ = IPOPT_LSRR;
                        ~ ^~~~~~~~~~
/usr/include/netinet/ip.h:148:21: note: expanded from macro 'IPOPT_LSRR'
#define IPOPT_LSRR              131             /* loose source route */
                                ^~~

Use unsigned char buffers instead.

MFC after:	1 week
2016-08-30 20:27:22 +00:00
dim
a0793a9d31 Squelch clang 3.9.0 warnings about BASE (which is 32768) being converted
to -32768 when it is used as an argument to mp_itom(), in both libtelnet
and newkey.  This code has been wrong since r26238 (!), so after almost
20 years it is rather useless to try to correct it.

MFC after:	1 week
2016-08-30 19:02:15 +00:00
ngie
b0fc5dc54a Add baud rate support to telnet(1)
This implements part of RFC-2217

It's based off a patch originally written by Sujal Patel at Isilon, and
contributions from other Isilon employees.

PR: 173728
Phabric: D995
Reviewed by: markj, markm
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
2014-11-11 04:06:05 +00:00
marcel
a6ba47be88 Improve upon previous commit:
1.  Check return of mmap(2) (*)
2.  Avoid FD leak when fstat fails.
3.  Fix style(9).

(*) Pointed out by jmg@
2014-03-02 03:34:06 +00:00
marcel
97ad1f3cd1 Revive support for /etc/issue, lost due revision 81963.
Obtained from:	Juniper Networks, Inc.
2014-03-02 00:47:47 +00:00
sjg
eba650c709 Propagate ancient fix from Junos.
Use of -h is not supposed to depend on AUTHENTICATION being defined.

Reviewed by: markm
2013-11-07 00:36:39 +00:00
marcel
838ba827a2 Fix "automatic" login, broken by revision 69825 (12 years, 5 months ago).
The "automatic" login feature is described as follows:
The USER environment variable holds the name of the person telnetting in.
This is the username of the person on the client machine. The traditional
behaviour is to execute login(1) with this username first, meaning that
login(1) will prompt for the password only. If login fails, login(1) will
retry, but now prompt for the username before prompting for the password.

This feature got broken by how the environment got scrubbed. Before the
change in r69825 we removed variables that we deemed dangerous. Starting
with r69825 we only keep those variable we know to be safe.

The USER environment variable fell through the cracks. It suddenly got
scrubbed (i.e. removed from the environment) while still being checked
for. It also got explicitly removed from the environment to handle the
failed login case.

The fix is to obtain the value of the USER environment variable before
we scrub the environment and used the "cached" in subsequent checks.
This guarantees that the environment does not contain the USER variable
in the end, while still being able to implement "automatic" login.

Obtained from:	Juniper Networks, Inc.
2013-05-31 17:30:12 +00:00
kevlo
a93e845e54 Make sure that each va_start has one and only one matching va_end,
especially in error cases.
2012-09-28 07:51:30 +00:00
joel
8682432c9a Remove superfluous paragraph macro. 2012-06-17 11:04:38 +00:00
stas
b697411942 - Do not use deprecated krb5 error message reporting functions in libtelnet. 2012-04-06 00:03:45 +00:00
cperciva
6d6844d3db Fix a problem whereby a corrupt DNS record can cause named to crash. [11:06]
Add an API for alerting internal libc routines to the presence of
"unsafe" paths post-chroot, and use it in ftpd. [11:07]

Fix a buffer overflow in telnetd. [11:08]

Make pam_ssh ignore unpassphrased keys unless the "nullok" option is
specified. [11:09]

Add sanity checking of service names in pam_start. [11:10]

Approved by:    so (cperciva)
Approved by:    re (bz)
Security:       FreeBSD-SA-11:06.bind
Security:       FreeBSD-SA-11:07.chroot
Security:       FreeBSD-SA-11:08.telnetd
Security:       FreeBSD-SA-11:09.pam_ssh
Security:       FreeBSD-SA-11:10.pam
2011-12-23 15:00:37 +00:00
dim
c98bc3558c In contrib/telnet/telnet/utilities.c, fix a few warnings about format
strings not being literals.

MFC after:	1 week
2011-12-17 18:18:36 +00:00
dim
eb8ae0b5f9 In contrib/telnet/telnetd/utility.c, fix a few warnings about format
strings not being literals.

MFC after:	1 week
2011-12-16 16:53:54 +00:00
dim
5cd3bc283f In contrib/telnet/libtelnet/sra.c, use the correct number of bytes to
zero the password buffer.

MFC after:	1 week
2011-12-16 00:48:53 +00:00
jilles
0637e80406 telnet: Fix infinite loop if local output generates SIGPIPE.
Instead of catching SIGPIPE and jumping out of the signal handler with
longjmp, ignore it and handle write errors to the local output by exiting
from there. I have changed the error message to mention the local output
instead of NetBSD's wrong "Connection closed by foreign host". Write errors
to the network were already handled by exiting immediately and this now
applies to EPIPE too.

The code assumed that SIGPIPE could only be generated by the network
connection; if it was generated by the local output, it would longjmp out of
the signal handler and write an error message which caused another SIGPIPE.

PR:		19773
Obtained from:	NetBSD
MFC after:	1 week
2010-04-30 19:52:35 +00:00
ed
55b15dac03 Forgot a part that was missing in the previous commit.
There is no need to call trimdomain() anymore now that ut_host is big
enough to fit decent hostnames.
2010-01-13 18:46:50 +00:00
ed
bd3422d93e Let telnetd build without utmp and logwtmp(3).
Just like rlogind, there is no need to change the ownership of the
terminal during shutdown anymore. Also don't call logwtmp, because the
login(1)/PAM is responsible for doing this. Also use SHUT_RDWR instead
of 2.
2010-01-13 18:37:42 +00:00
ed
40014dccb8 Remove unneeded inclusion of <utmp.h> and dead variables. 2009-12-27 11:56:32 +00:00
ed
369b564923 Use <termios.h> instead of <sys/termios.h>.
<sys/termios.h> only works on FreeBSD by accident.
2009-11-28 11:57:25 +00:00
ed
fa4082de19 Rename all symbols in libmp(3) to mp_*, just like Solaris.
The function pow() in libmp(3) clashes with pow(3) in libm. We could
rename this single function, but we can just take the same approach as
the Solaris folks did, which is to prefix all function names with mp_.

libmp(3) isn't really popular nowadays. I suspect not a single
application in ports depends on it. There's still a chance, so I've
increased the SHLIB_MAJOR and __FreeBSD_version.

Reviewed by:	deischen, rdivacky
2009-02-26 21:43:15 +00:00
cperciva
84a38d3949 Correctly scrub telnetd's environment.
Approved by:	so (cperciva)
Security:	FreeBSD-SA-09:05.telnetd
2009-02-16 21:56:17 +00:00
ed
1c998c296e Use strlcpy() instead of strcpy().
Requested by:	mlaier
2008-11-13 20:40:38 +00:00
ed
c737fde5da Convert telnetd(8) to use posix_openpt(2).
Some time ago I got some reports MPSAFE TTY broke telnetd(8). Even
though it turned out to be a different problem within the TTY code, I
spotted a small issue with telnetd(8). Instead of allocating PTY's using
openpty(3) or posix_openpt(2), it used its own PTY allocation routine.
This means that telnetd(8) still uses /dev/ptyXX-style devices.

I've also increased the size of line[]. Even though 16 should be enough,
we already use 13 bytes ("/dev/pts/999", including '\0'). 32 bytes gives
us a little more freedom.

Also enable -DSTREAMSPTY. Otherwise telnetd(8) strips the PTY's pathname
to the latest slash instead of just removing "/dev/" (e.g. /dev/pts/0 ->
0, instead of pts/0).

Reviewed by:	rink
2008-11-13 19:05:27 +00:00
antoine
5843973f4a Fix TELOPT(opt) when opt > TELOPT_TN3270E.
PR:		127194
Submitted by:	Joost Bekkers
MFC after:	1 month
2008-09-13 17:46:50 +00:00
trhodes
505d893184 List authentication types supported with "-X" taken from the libtelnet
code.

PR:		121721
2008-08-29 00:04:37 +00:00
jhb
3bc77fdd97 Don't attempt authentication at all if it has been disabled via '-a off'.
This works around a bug in HP-UX's telnet client and also gives a much
saner user experience when using FreeBSD's telnet client.

PR:		bin/19405
Submitted by:	Joel Ray Holveck   joelh of gnu.org
MFC after:	1 month
2008-07-28 18:58:16 +00:00
gnn
f5875f045c Commit IPv6 support for FAST_IPSEC to the tree.
This commit includes all remaining changes for the time being including
user space updates.

Submitted by:    bz
Approved by:    re
2007-07-01 12:08:08 +00:00
ru
a87ef86746 Markup nits. 2006-09-29 22:51:29 +00:00
ru
91aa6d24db Remove bogus casts of valid integer ioctl() arguments. 2006-09-26 21:46:12 +00:00
maxim
b7da97dfc0 o Mention .telnetrc DEFAULT keyword.
PR:		bin/100496 (sort of)
Obtained from:	NetBSD, heas@netbsd
MFC after:	3 weeks
2006-09-18 15:03:18 +00:00
ume
ed819b8c09 NI_WITHSCOPEID cleanup 2005-05-21 15:28:42 +00:00
nectar
fc3b18bce3 Correct a pair of buffer overflows in the telnet(1) command:
(CAN-2005-0468) A heap buffer overflow in env_opt_add() and related
 functions.

 (CAN-2005-0469) A global uninitialized data section buffer overflow in
 slc_add_reply() and related functions.

As a result of these vulnerabilities, it may be possible for a malicious
telnet server or active network attacker to cause telnet(1) to execute
arbitrary code with the privileges of the user running it.

Security: CAN-2005-0468, CAN-2005-0469
Security: FreeBSD-SA-05:01.telnet
Security: http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
Security: http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities

These fixes are based in part on patches
Submitted by:	Solar Designer <solar@openwall.com>
2005-03-28 14:45:12 +00:00
tobez
e89ea7ac96 Increase usefulness of telnet(1) as a protocol tester. By prepending
"+" to the port number, disable option negotiation and allow
transferring of data with high bit set.

OKed by:	markm (maintainer)
PR:		52032
Submitted by:	Valentin Nechayev <netch maybe-at netch stop kiev stop ua>
MFC After:	2 weeks
2005-02-28 12:46:53 +00:00
ru
0b29d18074 - Soften sentence breaks.
- Remove double whitespace.
- Sort sections.
2005-01-21 21:57:05 +00:00
maxim
ae5da6b5cf o Make telnet[d] -S (IP TOS) flag really work. We do not have
/etc/iptos implementation so only numeric values supported.

o telnetd.8: steal the -S flag description from telnet.1, bump
the date of the document.

MFC after:	6 weeks
2005-01-09 10:24:46 +00:00