Page MenuHomeFreeBSD
Differential D36680

telnetd: fix two-byte input crash
ClosedPublic
Actions

Authored by brooks on Sep 23 2022, 6:05 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Oct 24, 7:17 PM
Unknown Object (File)
Sep 24 2024, 10:21 AM
Unknown Object (File)
Sep 15 2024, 6:34 PM
Unknown Object (File)
Sep 5 2024, 8:00 PM
Unknown Object (File)
Sep 2 2024, 4:57 PM
Unknown Object (File)
Aug 30 2024, 9:04 PM
Unknown Object (File)
Aug 29 2024, 3:53 PM
Unknown Object (File)
Aug 8 2024, 12:58 PM
View All 70 Files
Subscribers
imp

Details

Reviewers
cy
Commits
rGf2aa49e7fda5: telnetd: fix two-byte input crash
rG6abdfd389044: telnetd: fix two-byte input crash
rG6914ffef4e23: telnetd: fix two-byte input crash
Summary

(Move initialization of the slc table earlier so it doesn't get
accessed before that happens.)

For details on the issue, see:
https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html

Obtained from: NetBSD via cy@

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

brooks created this revision.Sep 23 2022, 6:05 PM
Herald added a subscriber: imp. · View Herald TranscriptSep 23 2022, 6:05 PM
brooks requested review of this revision.Sep 23 2022, 6:05 PM
Harbormaster completed remote builds in B47503: Diff 110882.Sep 23 2022, 6:05 PM
cy accepted this revision.Sep 24 2022, 4:15 AM

There's also a fix for CVE-2020-10188 (https://github.com/cschuber/freebsd-telnet/commit/e76b51e91f6d9aa7b72ee6624c29b46ddce2a406). Do you want to commit that or should I?

This revision is now accepted and ready to land.Sep 24 2022, 4:15 AM
cy added a comment.Sep 24 2022, 4:18 AM

Next question. I maintain the extract of the FreeBSD telnet/telnetd on GH, of which telnetd is a port while telnet is in the repo should we choose to remove it as well. I've been toying with the idea of telnet and telnetd ports based on NetBSD. They will probably pay more attention to it than we might. Thoughts?

brooks added a comment.Sep 26 2022, 4:58 PM
In D36680#832950, @cy wrote:

There's also a fix for CVE-2020-10188 (https://github.com/cschuber/freebsd-telnet/commit/e76b51e91f6d9aa7b72ee6624c29b46ddce2a406). Do you want to commit that or should I?

Please go ahead and commit that one. I'll wait to delete the build bits (D36620) and sources (D36621) until you do so the changes be be MFCd.

brooks added a comment.Sep 26 2022, 5:01 PM
In D36680#832953, @cy wrote:

Next question. I maintain the extract of the FreeBSD telnet/telnetd on GH, of which telnetd is a port while telnet is in the repo should we choose to remove it as well. I've been toying with the idea of telnet and telnetd ports based on NetBSD. They will probably pay more attention to it than we might. Thoughts?

There's probably some sense in making a port of the NetBSD ones. Ours will continue to rot. On the client side, the OpenBSD version might be worth considering.

Closed by commit rG6914ffef4e23: telnetd: fix two-byte input crash (authored by brooks). · Explain WhySep 26 2022, 5:58 PM
This revision was automatically updated to reflect the committed changes.
brooks added a commit: rG6914ffef4e23: telnetd: fix two-byte input crash.
brooks added a commit: rG6abdfd389044: telnetd: fix two-byte input crash.Sep 29 2022, 10:36 PM
brooks added a commit: rGf2aa49e7fda5: telnetd: fix two-byte input crash.

Revision Contents
Changeset List

PathSize
contrib/
telnet/
telnetd/
10 lines

Diff 111005

View Options

contrib/telnet/telnetd/telnetd.c

Loading...