summaryrefslogtreecommitdiffstats
path: root/eBones
diff options
context:
space:
mode:
authormarkm <markm@FreeBSD.org>1997-02-09 15:02:00 +0000
committermarkm <markm@FreeBSD.org>1997-02-09 15:02:00 +0000
commitf8e325b1925ba81eb389159fbaa1cf6e92c3abf6 (patch)
treed270f2199b07758d500af093ee007cc14aa01c3e /eBones
parent6b544b7e1ac3bfe086f0ac248e2849e539363379 (diff)
downloadFreeBSD-src-f8e325b1925ba81eb389159fbaa1cf6e92c3abf6.zip
FreeBSD-src-f8e325b1925ba81eb389159fbaa1cf6e92c3abf6.tar.gz
Various buffer overrun fixes and other security enhancements.
Obtained from: PST's fixes to the non-secure telnet{d}
Diffstat (limited to 'eBones')
-rw-r--r--eBones/libexec/telnetd/sys_term.c10
-rw-r--r--eBones/libexec/telnetd/telnetd.c12
-rw-r--r--eBones/libexec/telnetd/utility.c1
-rw-r--r--eBones/usr.bin/telnet/Makefile2
-rw-r--r--eBones/usr.bin/telnet/commands.c54
-rw-r--r--eBones/usr.bin/telnet/externs.h3
-rw-r--r--eBones/usr.bin/telnet/sys_bsd.c2
-rw-r--r--eBones/usr.bin/telnet/telnet.c7
8 files changed, 69 insertions, 22 deletions
diff --git a/eBones/libexec/telnetd/sys_term.c b/eBones/libexec/telnetd/sys_term.c
index 5ebd2ad..f9b1617 100644
--- a/eBones/libexec/telnetd/sys_term.c
+++ b/eBones/libexec/telnetd/sys_term.c
@@ -1667,6 +1667,7 @@ start_login(host, autologin, name)
if (auth_level >= 0 && autologin == AUTH_VALID) {
# if !defined(NO_LOGIN_F)
argv = addarg(argv, "-f");
+ argv = addarg(argv, "--");
argv = addarg(argv, name);
# else
# if defined(LOGIN_R)
@@ -1739,17 +1740,14 @@ start_login(host, autologin, name)
pty = xpty;
}
# else
+ argv = addarg(argv, "--");
argv = addarg(argv, name);
# endif
# endif
} else
#endif
- if ((user = getenv("USER"))) {
- if (strchr(user, '-')) {
- syslog(LOG_ERR, "tried to pass user \"%s\" to login",
- user);
- fatal(net, "invalid user");
- }
+ if (getenv("USER")) {
+ argv = addarg(argv, "--");
argv = addarg(argv, getenv("USER"));
#if defined(LOGIN_ARGS) && defined(NO_LOGIN_P)
{
diff --git a/eBones/libexec/telnetd/telnetd.c b/eBones/libexec/telnetd/telnetd.c
index 5785279..5191653 100644
--- a/eBones/libexec/telnetd/telnetd.c
+++ b/eBones/libexec/telnetd/telnetd.c
@@ -713,12 +713,14 @@ getterminaltype(name)
* we have to just go with what we (might) have already gotten.
*/
if (his_state_is_will(TELOPT_TTYPE) && !terminaltypeok(terminaltype)) {
- (void) strncpy(first, terminaltype, sizeof(first));
+ (void) strncpy(first, terminaltype, sizeof(first)-1);
+ first[sizeof(first)-1] = '\0';
for(;;) {
/*
* Save the unknown name, and request the next name.
*/
- (void) strncpy(last, terminaltype, sizeof(last));
+ (void) strncpy(last, terminaltype, sizeof(last)-1);
+ last[sizeof(last)-1] = '\0';
_gettermname();
if (terminaltypeok(terminaltype))
break;
@@ -736,8 +738,10 @@ getterminaltype(name)
* the start of the list.
*/
_gettermname();
- if (strncmp(first, terminaltype, sizeof(first)) != 0)
- (void) strncpy(terminaltype, first, sizeof(first));
+ if (strncmp(first, terminaltype, sizeof(first)) != 0) {
+ (void) strncpy(terminaltype, first, sizeof(terminaltype)-1);
+ terminaltype[sizeof(terminaltype)-1] = '\0';
+ }
break;
}
}
diff --git a/eBones/libexec/telnetd/utility.c b/eBones/libexec/telnetd/utility.c
index c8e34b8..b432fb2 100644
--- a/eBones/libexec/telnetd/utility.c
+++ b/eBones/libexec/telnetd/utility.c
@@ -103,6 +103,7 @@ stilloob(s)
do {
FD_ZERO(&excepts);
FD_SET(s, &excepts);
+ memset((char *)&timeout, 0, sizeof timeout);
value = select(s+1, (fd_set *)0, (fd_set *)0, &excepts, &timeout);
} while ((value == -1) && (errno == EINTR));
diff --git a/eBones/usr.bin/telnet/Makefile b/eBones/usr.bin/telnet/Makefile
index 876255d..7ec59bc 100644
--- a/eBones/usr.bin/telnet/Makefile
+++ b/eBones/usr.bin/telnet/Makefile
@@ -40,7 +40,7 @@ SRCS= authenc.c commands.c main.c network.c ring.c sys_bsd.c telnet.c \
terminal.c tn3270.c utilities.c
CFLAGS+=-DTERMCAP -DKLUDGELINEMODE -DUSE_TERMIO -DENV_HACK -DENCRYPTION
-CFLAGS+=-I${.CURDIR}/../../lib
+CFLAGS+=-DSKEY -I${.CURDIR}/../../lib
LDADD+= -L${TELNETOBJDIR} -ltermcap -ltelnet
DPADD+= ${TELNETOBJDIR}/libtelnet.a ${LIBTERMCAP}
diff --git a/eBones/usr.bin/telnet/commands.c b/eBones/usr.bin/telnet/commands.c
index 8e67187..c642877 100644
--- a/eBones/usr.bin/telnet/commands.c
+++ b/eBones/usr.bin/telnet/commands.c
@@ -120,6 +120,37 @@ static char saveline[256];
static int margc;
static char *margv[20];
+#if defined(SKEY)
+#include <sys/wait.h>
+#define PATH_SKEY "/usr/bin/key"
+ int
+skey_calc(argc, argv)
+ int argc;
+ char **argv;
+{
+ int status;
+
+ if(argc != 3) {
+ printf("%s sequence challenge\n", argv[0]);
+ return;
+ }
+
+ switch(fork()) {
+ case 0:
+ execv(PATH_SKEY, argv);
+ exit (1);
+ case -1:
+ perror("fork");
+ break;
+ default:
+ (void) wait(&status);
+ if (WIFEXITED(status))
+ return (WEXITSTATUS(status));
+ return (0);
+ }
+}
+#endif
+
static void
makeargv()
{
@@ -511,7 +542,7 @@ togdebug()
}
#else /* NOT43 */
if (debug) {
- if (net > 0 && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 0, 0) < 0)
+ if (net > 0 && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 1) < 0)
perror("setsockopt (SO_DEBUG)");
} else
printf("Cannot turn off socket debugging\n");
@@ -2330,10 +2361,15 @@ tn(argc, argv)
} else {
#endif
temp = inet_addr(hostp);
- if (temp != (unsigned long) -1) {
- sin.sin_addr.s_addr = temp;
- sin.sin_family = AF_INET;
- (void) strcpy(_hostname, hostp);
+ if (temp != INADDR_NONE) {
+ sin.sin_addr.s_addr = temp;
+ sin.sin_family = AF_INET;
+ host = gethostbyaddr((char *)&temp, sizeof(temp), AF_INET);
+ if (host)
+ (void) strncpy(_hostname, host->h_name, sizeof(_hostname));
+ else
+ (void) strncpy(_hostname, hostp, sizeof(_hostname));
+ _hostname[sizeof(_hostname)-1] = '\0';
hostname = _hostname;
} else {
host = gethostbyname(hostp);
@@ -2500,6 +2536,9 @@ static char
#if defined(unix)
zhelp[] = "suspend telnet",
#endif /* defined(unix) */
+#if defined(SKEY)
+ skeyhelp[] = "compute response to s/key challenge",
+#endif
shellhelp[] = "invoke a subshell",
envhelp[] = "change environment variables ('environ ?' for more)",
modestring[] = "try to enter line or character mode ('mode ?' for more)";
@@ -2536,6 +2575,9 @@ static Command cmdtab[] = {
#endif
{ "environ", envhelp, env_cmd, 0 },
{ "?", helphelp, help, 0 },
+#if defined(SKEY)
+ { "skey", skeyhelp, skey_calc, 0 },
+#endif
{ 0, 0, 0, 0 }
};
@@ -2721,7 +2763,7 @@ cmdrc(m1, m2)
if (rcname == 0) {
rcname = getenv("HOME");
- if (rcname)
+ if (rcname && (strlen(rcname) + 10) < sizeof(rcbuf))
strcpy(rcbuf, rcname);
else
rcbuf[0] = '\0';
diff --git a/eBones/usr.bin/telnet/externs.h b/eBones/usr.bin/telnet/externs.h
index c588bbc..fb96d9a 100644
--- a/eBones/usr.bin/telnet/externs.h
+++ b/eBones/usr.bin/telnet/externs.h
@@ -145,7 +145,8 @@ extern int
#endif /* defined(TN3270) */
termdata, /* Print out terminal data flow */
#endif /* defined(unix) */
- debug; /* Debug level */
+ debug, /* Debug level */
+ clienteof; /* Client received EOF */
extern cc_t escape; /* Escape to command mode */
extern cc_t rlogin; /* Rlogin mode escape character */
diff --git a/eBones/usr.bin/telnet/sys_bsd.c b/eBones/usr.bin/telnet/sys_bsd.c
index 9a3a723..c906bcf 100644
--- a/eBones/usr.bin/telnet/sys_bsd.c
+++ b/eBones/usr.bin/telnet/sys_bsd.c
@@ -1052,7 +1052,7 @@ process_rings(netin, netout, netex, ttyin, ttyout, poll)
}
# endif /* defined(TN3270) */
/* I don't like this, does it ever happen? */
- printf("sleep(5) from telnet, after select\r\n");
+ printf("sleep(5) from telnet, after select: %s\r\n", strerror(errno));
sleep(5);
}
return 0;
diff --git a/eBones/usr.bin/telnet/telnet.c b/eBones/usr.bin/telnet/telnet.c
index a0b815b..735499f 100644
--- a/eBones/usr.bin/telnet/telnet.c
+++ b/eBones/usr.bin/telnet/telnet.c
@@ -115,7 +115,8 @@ int
donelclchars, /* the user has set "localchars" */
donebinarytoggle, /* the user has put us in binary */
dontlecho, /* do we suppress local echoing right now? */
- globalmode;
+ globalmode,
+ clienteof = 0;
char *prompt = 0;
@@ -2195,9 +2196,9 @@ Scheduler(block)
ttyout = ring_full_count(&ttyoring);
#if defined(TN3270)
- ttyin = ring_empty_count(&ttyiring) && (shell_active == 0);
+ ttyin = ring_empty_count(&ttyiring) && (clienteof == 0) && (shell_active == 0);
#else /* defined(TN3270) */
- ttyin = ring_empty_count(&ttyiring);
+ ttyin = ring_empty_count(&ttyiring) && (clienteof == 0);
#endif /* defined(TN3270) */
#if defined(TN3270)
OpenPOWER on IntegriCloud