diff options
| author | Sanjay Chitroda <sanjay.chitroda@einfochips.com> | 2023-09-22 04:17:25 -0700 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2023-09-27 07:40:56 -0400 |
| commit | d4277b473459366ffb7894a77e26b4a53a420e45 (patch) | |
| tree | b89421fc556042c27936a3a6665725804eb16b3c /meta-networking/recipes-netkit/netkit-telnet/files/CVE-2022-39028.patch | |
| parent | 255184c655e4e2c02c8e1a78ea5594ce34dec999 (diff) | |
| download | meta-openembedded-d4277b473459366ffb7894a77e26b4a53a420e45.tar.gz | |
netkit-telnet: Fix CVE-2022-39028
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-39028
https://security-tracker.debian.org/tracker/CVE-2022-39028
Upstream Patch:
https://cgit.freebsd.org/src/commit/?id=6914ffef4e23
- Patch is adopted from FreeBSD, as same vulnerability of
telnetd is applicable to FreeBSD and netkit-telnet packages.
Signed-off-by: Sanjay Chitroda <sanjay.chitroda@einfochips.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d629fe71e4242fc0557f5668d9f223777eb60a0f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-networking/recipes-netkit/netkit-telnet/files/CVE-2022-39028.patch')
| -rw-r--r-- | meta-networking/recipes-netkit/netkit-telnet/files/CVE-2022-39028.patch | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/meta-networking/recipes-netkit/netkit-telnet/files/CVE-2022-39028.patch b/meta-networking/recipes-netkit/netkit-telnet/files/CVE-2022-39028.patch new file mode 100644 index 0000000000..e8c3f1d84b --- /dev/null +++ b/meta-networking/recipes-netkit/netkit-telnet/files/CVE-2022-39028.patch | |||
| @@ -0,0 +1,53 @@ | |||
| 1 | From 4133a888aa256312186962ab70d4a36eed5920c1 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Brooks Davis <brooks@FreeBSD.org> | ||
| 3 | Date: Mon, 26 Sep 2022 18:56:51 +0100 | ||
| 4 | Subject: [PATCH] telnetd: fix two-byte input crash | ||
| 5 | |||
| 6 | Move initialization of the slc table earlier so it doesn't get | ||
| 7 | accessed before that happens. | ||
| 8 | |||
| 9 | For details on the issue, see: | ||
| 10 | https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html | ||
| 11 | |||
| 12 | Reviewed by: cy | ||
| 13 | Obtained from: NetBSD via cy | ||
| 14 | Differential Revision: https://reviews.freebsd.org/D36680 | ||
| 15 | |||
| 16 | CVE: CVE-2022-39028 | ||
| 17 | Upstream-Status: Backport [https://cgit.freebsd.org/src/commit/?id=6914ffef4e23] | ||
| 18 | |||
| 19 | (cherry picked from commit 6914ffef4e2318ca1d0ead28eafb6f06055ce0f8) | ||
| 20 | Signed-off-by: Sanjay Chitroda <sanjay.chitroda@einfochips.com> | ||
| 21 | |||
| 22 | --- | ||
| 23 | telnetd/telnetd.c | 10 +++++----- | ||
| 24 | 1 file changed, 5 insertions(+), 5 deletions(-) | ||
| 25 | |||
| 26 | diff --git a/telnetd/telnetd.c b/telnetd/telnetd.c | ||
| 27 | index f36f505..efa0fe1 100644 | ||
| 28 | --- a/telnetd/telnetd.c | ||
| 29 | +++ b/telnetd/telnetd.c | ||
| 30 | @@ -615,6 +615,11 @@ doit(struct sockaddr_in *who) | ||
| 31 | int level; | ||
| 32 | char user_name[256]; | ||
| 33 | |||
| 34 | + /* | ||
| 35 | + * Initialize the slc mapping table. | ||
| 36 | + */ | ||
| 37 | + get_slc_defaults(); | ||
| 38 | + | ||
| 39 | /* | ||
| 40 | * Find an available pty to use. | ||
| 41 | */ | ||
| 42 | @@ -698,11 +703,6 @@ void telnet(int f, int p) | ||
| 43 | char *HE; | ||
| 44 | const char *IM; | ||
| 45 | |||
| 46 | - /* | ||
| 47 | - * Initialize the slc mapping table. | ||
| 48 | - */ | ||
| 49 | - get_slc_defaults(); | ||
| 50 | - | ||
| 51 | /* | ||
| 52 | * Do some tests where it is desireable to wait for a response. | ||
| 53 | * Rather than doing them slowly, one at a time, do them all | ||