netkit: Drop old and no upstream

Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Armin Kuster <akuster808@gmail.com> 2023-11-15 08:26:09 -0500
committer: Khem Raj <raj.khem@gmail.com> 2023-11-15 09:51:45 -0800
commit: 4c1e6d32ba6e9a14937a83f0d9375ef4d0b28057 (patch)
tree: 17fdf66e3039dd2b0c2c54ee61f6da105aced1af /meta-networking/recipes-netkit/netkit-telnet/files/0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch
parent: 237ce297fa021bd6798ee3ecdc31f716442e4d37 (diff)
download: meta-openembedded-4c1e6d32ba6e9a14937a83f0d9375ef4d0b28057.tar.gz
1 files changed, 0 insertions, 56 deletions
diff --git a/meta-networking/recipes-netkit/netkit-telnet/files/0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch b/meta-networking/recipes-netkit/netkit-telnet/files/0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch
deleted file mode 100644
index 8f983e40ab..0000000000
--- a/meta-networking/recipes-netkit/netkit-telnet/files/0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 9c81c8e5bc7782e8ae12c078615abc3c896059f2 Mon Sep 17 00:00:00 2001
-From: Julius Hemanth Pitti <jpitti@cisco.com>
-Date: Tue, 14 Jul 2020 22:34:19 -0700
-Subject: [PATCH] telnetd/utility.c: Fix buffer overflow in netoprintf
-As per man page of vsnprintf, when formated
-string size is greater than "size"(2nd argument),
-then vsnprintf returns size of formated string,
-not "size"(2nd argument).
-netoprintf() was not handling a case where
-return value of vsnprintf is greater than
-"size"(2nd argument), results in buffer overflow
-while adjusting "nfrontp" pointer to point
-beyond "netobuf" buffer.
-Here is one such case where "nfrontp"
-crossed boundaries of "netobuf", and
-pointing to another global variable.
-(gdb) p &netobuf[8255]
-$5 = 0x55c93afe8b1f <netobuf+8255> ""
-(gdb) p nfrontp
-$6 = 0x55c93afe8c20 <terminaltype> "\377"
-(gdb) p &terminaltype
-$7 = (char **) 0x55c93afe8c20 <terminaltype>
-(gdb)
-This resulted in crash of telnetd service
-with segmentation fault.
-Though this is DoS security bug, I couldn't
-find any CVE ID for this.
-Upstream-Status: Pending
-Signed-off-by: Julius Hemanth Pitti <jpitti@cisco.com>
---
- telnetd/utility.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/telnetd/utility.c b/telnetd/utility.c
-index b9a46a6..4811f14 100644
--- a/telnetd/utility.c
-+++ b/telnetd/utility.c
-@@ -66,7 +66,7 @@ netoprintf(const char *fmt, ...)
-       len = vsnprintf(nfrontp, maxsize, fmt, ap);
-       va_end(ap);
- 
-      if (len<0 || len==maxsize) {
-+      if (len<0 || len>=maxsize) {
-         /* didn't fit */
-         netflush();
-       }
--
-2.19.1
author	Armin Kuster <akuster808@gmail.com>	2023-11-15 08:26:09 -0500
committer	Khem Raj <raj.khem@gmail.com>	2023-11-15 09:51:45 -0800
commit	4c1e6d32ba6e9a14937a83f0d9375ef4d0b28057 (patch)
tree	17fdf66e3039dd2b0c2c54ee61f6da105aced1af /meta-networking/recipes-netkit/netkit-telnet/files/0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch
parent	237ce297fa021bd6798ee3ecdc31f716442e4d37 (diff)
download	meta-openembedded-4c1e6d32ba6e9a14937a83f0d9375ef4d0b28057.tar.gz

diff --git a/meta-networking/recipes-netkit/netkit-telnet/files/0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch b/meta-networking/recipes-netkit/netkit-telnet/files/0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch deleted file mode 100644 index 8f983e40ab..0000000000 --- a/meta-networking/recipes-netkit/netkit-telnet/files/0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch +++ /dev/null
@@ -1,56 +0,0 @@
1	From 9c81c8e5bc7782e8ae12c078615abc3c896059f2 Mon Sep 17 00:00:00 2001
2	From: Julius Hemanth Pitti <jpitti@cisco.com>
3	Date: Tue, 14 Jul 2020 22:34:19 -0700
4	Subject: [PATCH] telnetd/utility.c: Fix buffer overflow in netoprintf
5
6	As per man page of vsnprintf, when formated
7	string size is greater than "size"(2nd argument),
8	then vsnprintf returns size of formated string,
9	not "size"(2nd argument).
10
11	netoprintf() was not handling a case where
12	return value of vsnprintf is greater than
13	"size"(2nd argument), results in buffer overflow
14	while adjusting "nfrontp" pointer to point
15	beyond "netobuf" buffer.
16
17	Here is one such case where "nfrontp"
18	crossed boundaries of "netobuf", and
19	pointing to another global variable.
20
21	(gdb) p &netobuf[8255]
22	$5 = 0x55c93afe8b1f <netobuf+8255> ""
23	(gdb) p nfrontp
24	$6 = 0x55c93afe8c20 <terminaltype> "\377"
25	(gdb) p &terminaltype
26	$7 = (char **) 0x55c93afe8c20 <terminaltype>
27	(gdb)
28
29	This resulted in crash of telnetd service
30	with segmentation fault.
31
32	Though this is DoS security bug, I couldn't
33	find any CVE ID for this.
34
35	Upstream-Status: Pending
36
37	Signed-off-by: Julius Hemanth Pitti <jpitti@cisco.com>
38	---
39	telnetd/utility.c \| 2 +-
40	1 file changed, 1 insertion(+), 1 deletion(-)
41
42	diff --git a/telnetd/utility.c b/telnetd/utility.c
43	index b9a46a6..4811f14 100644
44	--- a/telnetd/utility.c
45	+++ b/telnetd/utility.c
46	@@ -66,7 +66,7 @@ netoprintf(const char *fmt, ...)
47	len = vsnprintf(nfrontp, maxsize, fmt, ap);
48	va_end(ap);
49
50	- if (len<0 \|\| len==maxsize) {
51	+ if (len<0 \|\| len>=maxsize) {
52	/* didn't fit */
53	netflush();
54	}
55	--
56	2.19.1