| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-39028
https://security-tracker.debian.org/tracker/CVE-2022-39028
Upstream Patch:
https://cgit.freebsd.org/src/commit/?id=6914ffef4e23
- Patch is adopted from FreeBSD, as same vulnerability of
telnetd is applicable to FreeBSD and netkit-telnet packages.
Signed-off-by: Sanjay Chitroda <sanjay.chitroda@einfochips.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d629fe71e4242fc0557f5668d9f223777eb60a0f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
from oe-core
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
Its dropped since c++17 and modern compilers have started to error on
its use
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
netoprintf() was not handling a case where
return value of vsnprintf is greater than
"size"(2nd argument), results in buffer overflow
while adjusting "nfrontp" pointer to point
beyond "netobuf" buffer.
Here is one such case where "nfrontp"
crossed boundaries of "netobuf", and
pointing to another global variable.
(gdb) p &netobuf[8255]
$5 = 0x55c93afe8b1f <netobuf+8255> ""
(gdb) p nfrontp
$6 = 0x55c93afe8c20 <terminaltype> "\377"
(gdb) p &terminaltype
$7 = (char **) 0x55c93afe8c20 <terminaltype>
(gdb)
This resulted in crash of telnetd service
with segmentation fault.
Signed-off-by: Julius Hemanth Pitti <jpitti@cisco.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2020-10188
Patch from Fedora:
https://src.fedoraproject.org/rpms/telnet/raw/master/f/telnet-0.17-overflow-exploit.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
The cleanup function in telnetd is called both directly and on SIGCHLD signals.
This triggered a deadlock in glibc and was reproduced in glibc 2.27 while
running on a 4.14.30 kernel.
Signed-off-by: Seiichi Ishitsuka <ishitsuka.sc@ncos.nec.co.jp>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
| |
when check the CC, only compile the object by CC, not run the object.
MCONFIG file includes more configuration, we can not clear it
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
netkit-telnet includes the telnetd and client.
telnetd: daemon for telnet protocol.
telnet: client for telnet protocol.
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
