diff options
author | markm <markm@FreeBSD.org> | 1997-02-09 15:02:00 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 1997-02-09 15:02:00 +0000 |
commit | f8e325b1925ba81eb389159fbaa1cf6e92c3abf6 (patch) | |
tree | d270f2199b07758d500af093ee007cc14aa01c3e /eBones | |
parent | 6b544b7e1ac3bfe086f0ac248e2849e539363379 (diff) | |
download | FreeBSD-src-f8e325b1925ba81eb389159fbaa1cf6e92c3abf6.zip FreeBSD-src-f8e325b1925ba81eb389159fbaa1cf6e92c3abf6.tar.gz |
Various buffer overrun fixes and other security enhancements.
Obtained from: PST's fixes to the non-secure telnet{d}
Diffstat (limited to 'eBones')
-rw-r--r-- | eBones/libexec/telnetd/sys_term.c | 10 | ||||
-rw-r--r-- | eBones/libexec/telnetd/telnetd.c | 12 | ||||
-rw-r--r-- | eBones/libexec/telnetd/utility.c | 1 | ||||
-rw-r--r-- | eBones/usr.bin/telnet/Makefile | 2 | ||||
-rw-r--r-- | eBones/usr.bin/telnet/commands.c | 54 | ||||
-rw-r--r-- | eBones/usr.bin/telnet/externs.h | 3 | ||||
-rw-r--r-- | eBones/usr.bin/telnet/sys_bsd.c | 2 | ||||
-rw-r--r-- | eBones/usr.bin/telnet/telnet.c | 7 |
8 files changed, 69 insertions, 22 deletions
diff --git a/eBones/libexec/telnetd/sys_term.c b/eBones/libexec/telnetd/sys_term.c index 5ebd2ad..f9b1617 100644 --- a/eBones/libexec/telnetd/sys_term.c +++ b/eBones/libexec/telnetd/sys_term.c @@ -1667,6 +1667,7 @@ start_login(host, autologin, name) if (auth_level >= 0 && autologin == AUTH_VALID) { # if !defined(NO_LOGIN_F) argv = addarg(argv, "-f"); + argv = addarg(argv, "--"); argv = addarg(argv, name); # else # if defined(LOGIN_R) @@ -1739,17 +1740,14 @@ start_login(host, autologin, name) pty = xpty; } # else + argv = addarg(argv, "--"); argv = addarg(argv, name); # endif # endif } else #endif - if ((user = getenv("USER"))) { - if (strchr(user, '-')) { - syslog(LOG_ERR, "tried to pass user \"%s\" to login", - user); - fatal(net, "invalid user"); - } + if (getenv("USER")) { + argv = addarg(argv, "--"); argv = addarg(argv, getenv("USER")); #if defined(LOGIN_ARGS) && defined(NO_LOGIN_P) { diff --git a/eBones/libexec/telnetd/telnetd.c b/eBones/libexec/telnetd/telnetd.c index 5785279..5191653 100644 --- a/eBones/libexec/telnetd/telnetd.c +++ b/eBones/libexec/telnetd/telnetd.c @@ -713,12 +713,14 @@ getterminaltype(name) * we have to just go with what we (might) have already gotten. */ if (his_state_is_will(TELOPT_TTYPE) && !terminaltypeok(terminaltype)) { - (void) strncpy(first, terminaltype, sizeof(first)); + (void) strncpy(first, terminaltype, sizeof(first)-1); + first[sizeof(first)-1] = '\0'; for(;;) { /* * Save the unknown name, and request the next name. */ - (void) strncpy(last, terminaltype, sizeof(last)); + (void) strncpy(last, terminaltype, sizeof(last)-1); + last[sizeof(last)-1] = '\0'; _gettermname(); if (terminaltypeok(terminaltype)) break; @@ -736,8 +738,10 @@ getterminaltype(name) * the start of the list. */ _gettermname(); - if (strncmp(first, terminaltype, sizeof(first)) != 0) - (void) strncpy(terminaltype, first, sizeof(first)); + if (strncmp(first, terminaltype, sizeof(first)) != 0) { + (void) strncpy(terminaltype, first, sizeof(terminaltype)-1); + terminaltype[sizeof(terminaltype)-1] = '\0'; + } break; } } diff --git a/eBones/libexec/telnetd/utility.c b/eBones/libexec/telnetd/utility.c index c8e34b8..b432fb2 100644 --- a/eBones/libexec/telnetd/utility.c +++ b/eBones/libexec/telnetd/utility.c @@ -103,6 +103,7 @@ stilloob(s) do { FD_ZERO(&excepts); FD_SET(s, &excepts); + memset((char *)&timeout, 0, sizeof timeout); value = select(s+1, (fd_set *)0, (fd_set *)0, &excepts, &timeout); } while ((value == -1) && (errno == EINTR)); diff --git a/eBones/usr.bin/telnet/Makefile b/eBones/usr.bin/telnet/Makefile index 876255d..7ec59bc 100644 --- a/eBones/usr.bin/telnet/Makefile +++ b/eBones/usr.bin/telnet/Makefile @@ -40,7 +40,7 @@ SRCS= authenc.c commands.c main.c network.c ring.c sys_bsd.c telnet.c \ terminal.c tn3270.c utilities.c CFLAGS+=-DTERMCAP -DKLUDGELINEMODE -DUSE_TERMIO -DENV_HACK -DENCRYPTION -CFLAGS+=-I${.CURDIR}/../../lib +CFLAGS+=-DSKEY -I${.CURDIR}/../../lib LDADD+= -L${TELNETOBJDIR} -ltermcap -ltelnet DPADD+= ${TELNETOBJDIR}/libtelnet.a ${LIBTERMCAP} diff --git a/eBones/usr.bin/telnet/commands.c b/eBones/usr.bin/telnet/commands.c index 8e67187..c642877 100644 --- a/eBones/usr.bin/telnet/commands.c +++ b/eBones/usr.bin/telnet/commands.c @@ -120,6 +120,37 @@ static char saveline[256]; static int margc; static char *margv[20]; +#if defined(SKEY) +#include <sys/wait.h> +#define PATH_SKEY "/usr/bin/key" + int +skey_calc(argc, argv) + int argc; + char **argv; +{ + int status; + + if(argc != 3) { + printf("%s sequence challenge\n", argv[0]); + return; + } + + switch(fork()) { + case 0: + execv(PATH_SKEY, argv); + exit (1); + case -1: + perror("fork"); + break; + default: + (void) wait(&status); + if (WIFEXITED(status)) + return (WEXITSTATUS(status)); + return (0); + } +} +#endif + static void makeargv() { @@ -511,7 +542,7 @@ togdebug() } #else /* NOT43 */ if (debug) { - if (net > 0 && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 0, 0) < 0) + if (net > 0 && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 1) < 0) perror("setsockopt (SO_DEBUG)"); } else printf("Cannot turn off socket debugging\n"); @@ -2330,10 +2361,15 @@ tn(argc, argv) } else { #endif temp = inet_addr(hostp); - if (temp != (unsigned long) -1) { - sin.sin_addr.s_addr = temp; - sin.sin_family = AF_INET; - (void) strcpy(_hostname, hostp); + if (temp != INADDR_NONE) { + sin.sin_addr.s_addr = temp; + sin.sin_family = AF_INET; + host = gethostbyaddr((char *)&temp, sizeof(temp), AF_INET); + if (host) + (void) strncpy(_hostname, host->h_name, sizeof(_hostname)); + else + (void) strncpy(_hostname, hostp, sizeof(_hostname)); + _hostname[sizeof(_hostname)-1] = '\0'; hostname = _hostname; } else { host = gethostbyname(hostp); @@ -2500,6 +2536,9 @@ static char #if defined(unix) zhelp[] = "suspend telnet", #endif /* defined(unix) */ +#if defined(SKEY) + skeyhelp[] = "compute response to s/key challenge", +#endif shellhelp[] = "invoke a subshell", envhelp[] = "change environment variables ('environ ?' for more)", modestring[] = "try to enter line or character mode ('mode ?' for more)"; @@ -2536,6 +2575,9 @@ static Command cmdtab[] = { #endif { "environ", envhelp, env_cmd, 0 }, { "?", helphelp, help, 0 }, +#if defined(SKEY) + { "skey", skeyhelp, skey_calc, 0 }, +#endif { 0, 0, 0, 0 } }; @@ -2721,7 +2763,7 @@ cmdrc(m1, m2) if (rcname == 0) { rcname = getenv("HOME"); - if (rcname) + if (rcname && (strlen(rcname) + 10) < sizeof(rcbuf)) strcpy(rcbuf, rcname); else rcbuf[0] = '\0'; diff --git a/eBones/usr.bin/telnet/externs.h b/eBones/usr.bin/telnet/externs.h index c588bbc..fb96d9a 100644 --- a/eBones/usr.bin/telnet/externs.h +++ b/eBones/usr.bin/telnet/externs.h @@ -145,7 +145,8 @@ extern int #endif /* defined(TN3270) */ termdata, /* Print out terminal data flow */ #endif /* defined(unix) */ - debug; /* Debug level */ + debug, /* Debug level */ + clienteof; /* Client received EOF */ extern cc_t escape; /* Escape to command mode */ extern cc_t rlogin; /* Rlogin mode escape character */ diff --git a/eBones/usr.bin/telnet/sys_bsd.c b/eBones/usr.bin/telnet/sys_bsd.c index 9a3a723..c906bcf 100644 --- a/eBones/usr.bin/telnet/sys_bsd.c +++ b/eBones/usr.bin/telnet/sys_bsd.c @@ -1052,7 +1052,7 @@ process_rings(netin, netout, netex, ttyin, ttyout, poll) } # endif /* defined(TN3270) */ /* I don't like this, does it ever happen? */ - printf("sleep(5) from telnet, after select\r\n"); + printf("sleep(5) from telnet, after select: %s\r\n", strerror(errno)); sleep(5); } return 0; diff --git a/eBones/usr.bin/telnet/telnet.c b/eBones/usr.bin/telnet/telnet.c index a0b815b..735499f 100644 --- a/eBones/usr.bin/telnet/telnet.c +++ b/eBones/usr.bin/telnet/telnet.c @@ -115,7 +115,8 @@ int donelclchars, /* the user has set "localchars" */ donebinarytoggle, /* the user has put us in binary */ dontlecho, /* do we suppress local echoing right now? */ - globalmode; + globalmode, + clienteof = 0; char *prompt = 0; @@ -2195,9 +2196,9 @@ Scheduler(block) ttyout = ring_full_count(&ttyoring); #if defined(TN3270) - ttyin = ring_empty_count(&ttyiring) && (shell_active == 0); + ttyin = ring_empty_count(&ttyiring) && (clienteof == 0) && (shell_active == 0); #else /* defined(TN3270) */ - ttyin = ring_empty_count(&ttyiring); + ttyin = ring_empty_count(&ttyiring) && (clienteof == 0); #endif /* defined(TN3270) */ #if defined(TN3270) |