OpenSDE
/
rocklinux
mirror of https://github.com/amery/rocklinux.git
2
0
Fork 0
Code Releases Wiki Activity
mirror of the now-defunct rocklinux.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5118 Commits
1 Branch
0 Tags
34 MiB
Tree: 00e184dfeb
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '00e184dfeb'
${ noResults }
rocklinux/package/base/netkit-telnet/slc_add_reply.patch

30 lines
1.1 KiB
Raw Normal View History

alanw: Fix security vulnerability in netkit-telnet http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469 [2005101113024025015] (https://www.rocklinux.net/submaster) git-svn-id: http://www.rocklinux.org/svn/rock-linux/trunk@6501 c5f82cb5-29bc-0310-9cd0-bff59a50e3bc
19 years ago
  1. diff -Naur netkit-telnet-0.17.orig/telnet/telnet.cc netkit-telnet-0.17/telnet/telnet.cc
  2. --- netkit-telnet-0.17.orig/telnet/telnet.cc 2000-07-23 04:24:53.000000000 +0100
  3. +++ netkit-telnet-0.17/telnet/telnet.cc 2005-10-11 11:58:02.000000000 +0100
  4. @@ -1050,6 +1050,7 @@
  7. unsigned char slc_reply[128];
  8. +unsigned char const * const slc_reply_eom = &slc_reply[sizeof(slc_reply)];
  9. unsigned char *slc_replyp;
  11. void slc_start_reply(void) {
  12. @@ -1061,6 +1062,18 @@
  13. }
  15. void slc_add_reply(int func, int flags, int value) {
  16. + /* Fix security vulnerability
  17. + * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469
  18. + *
  19. + * A sequence of up to 6 bytes my be written for this member of the
  20. + * SLC suboption list by this function. The end of negotiation
  21. + * command, which is written by slc_end_reply(), will require 2
  22. + * additional bytes. Do not proceed unless there is sufficient
  23. + * space for these items.
  24. + */
  25. + if (&slc_replyp[6+2] > slc_reply_eom)
  26. + return;
  27. +
  28. if ((*slc_replyp++ = func) == IAC)
  29. *slc_replyp++ = IAC;
  30. if ((*slc_replyp++ = flags) == IAC)