开源软件构建与测试

Changes of Revision 2

_service:tar_scm:telnet.spec Changed

_service:tar_scm:backport-CVE-2022-39028.patch Added

@@ -0,0 +1,48 @@
+Description: Fix remote DoS vulnerability in inetutils-telnetd
+ This is caused by a crash by a NULL pointer dereference when sending the
+ byte sequences «0xff 0xf7» or «0xff 0xf8».
+Authors:
+ Pierre Kim (original patch),
+ Alexandre Torres (original patch),
+ Erik Auerswald <auerswal@unix-ag.uni-kl.de> (adapted patch),
+Reviewed-by: Erik Auerswald <auerswal@unix-ag.uni-kl.de>
+Origin: upstream
+Ref: https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html
+Forwarded: https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html
+Last-Update: 2022-08-28
+
+---
+ telnetd/state.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/telnetd/state.c b/telnetd/state.c
+index 0dc61a2..befc9d0 100644
+--- a/telnetd/state.c
++++ b/telnetd/state.c
+@@ -206,12 +206,20 @@ void telrcv(void) {
+ 	      case EC:
+ 	      case EL:
+ 		 {
+-		     cc_t ch;
++		     cc_t ch = (cc_t) (_POSIX_VDISABLE);
+ 		     DIAG(TD_OPTIONS, printoption("td: recv IAC", c));
+ 		     ptyflush();	/* half-hearted */
+ 		     init_termbuf();
+-		     if (c == EC) ch = *slctabSLC_EC.sptr;
+-		     else ch = *slctabSLC_EL.sptr;
++		     if (c == EC) 
++		     {
++		         if (slctabSLC_EC.sptr)
++				ch = *slctabSLC_EC.sptr;
++		     }
++		     else
++		     {
++		         if (slctabSLC_EL.sptr)
++				ch = *slctabSLC_EL.sptr;
++		     }
+ 		     if (ch != (cc_t)(_POSIX_VDISABLE))
+ 			 *pfrontp++ = (unsigned char)ch;
+ 		     break;
+-- 
+2.33.0
+