Date:      Wed, 23 Apr 2003 23:43:29 -0700
From:      Tim Kientzle <kientzle@acm.org>
To:        freebsd-stable@freebsd.org
Subject:   Kerberized Telnet Badly Broken (Patch enclosed)
Message-ID:  <3EA78791.6030009@acm.org>

This is a multi-part message in MIME format.
--------------030805080106090203000104
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Ugh.

With MAKE_KERBEROS5=yes, on a recent STABLE,
I get the following trying to use Kerberized telnet:

# telnet -l test big.x.kientzle.com
Trying 66.166.149.54...
Connected to big.x.kientzle.com.
Escape character is '^]'.
[ Trying mutual KERBEROS5 (host/big.x.kientzle.com@X.KIENTZLE.COM)... ]
Bus error (core dumped)

Fortunately, it's pretty easy to track down:

(gdb) up
#2  0x804a79d in net_write (str=0x4 <Address 0x4 out of bounds>,
     len=-1077940804)
     at 
/usr/src/stable/kerberos5/usr.bin/telnet/../../../crypto/telnet/telnet/authenc.c:61
61                      ring_supply_data(&netoring, str, len);
(gdb) up
#3  0x280e1046 in send_and_recv_tcp (fd=4, tmout=3, req=0xbfbfeeac,
     rep=0xbfbfeea4)
     at 
/usr/src/stable/kerberos5/lib/libkrb5/../../../crypto/heimdal/lib/krb5/send_to_kdc.c:139
139         if(net_write(fd, len, sizeof(len)) < 0)


Problem: libkrb5 is trying to use net_write
defined in libroken, but is getting net_write
from the telnet sources instead.

Fix: rename net_write in the telnet sources
to telnet_net_write.  Patchfile attached,
if someone would be kind enough to review
and commit it.

This seems to keep the telnet client from
crashing, at least, although now telnetd
is giving me fits.  <sigh>

Tim Kientzle

--------------030805080106090203000104
Content-Type: text/plain;
 name="kientzle_telnet_net_write.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="kientzle_telnet_net_write.diff"

Index: libtelnet/auth.c
===================================================================
RCS file: /usr/src/cvs/src/crypto/telnet/libtelnet/auth.c,v
retrieving revision 1.3.2.5
diff -u -r1.3.2.5 auth.c
--- libtelnet/auth.c	13 Apr 2002 10:59:07 -0000	1.3.2.5
+++ libtelnet/auth.c	24 Apr 2003 06:26:22 -0000
@@ -359,7 +359,7 @@
 		}
 		*e++ = IAC;
 		*e++ = SE;
-		net_write(str_request, e - str_request);
+		telnet_net_write(str_request, e - str_request);
 		printsub('>', &str_request[2], e - str_request - 2);
 	}
 }
@@ -444,7 +444,7 @@
 		}
 		auth_send_data += 2;
 	}
-	net_write(str_none, sizeof(str_none));
+	telnet_net_write(str_none, sizeof(str_none));
 	printsub('>', &str_none[2], sizeof(str_none) - 2);
 	if (auth_debug_mode)
 		printf(">>>%s: Sent failure message\r\n", Name);
@@ -537,7 +537,7 @@
 	}
 	*e++ = IAC;
 	*e++ = SE;
-	net_write(str_request, e - str_request);
+	telnet_net_write(str_request, e - str_request);
 	printsub('>', &str_request[2], e - &str_request[2]);
 	return(1);
 }
Index: libtelnet/enc_des.c
===================================================================
RCS file: /usr/src/cvs/src/crypto/telnet/libtelnet/enc_des.c,v
retrieving revision 1.3.2.1
diff -u -r1.3.2.1 enc_des.c
--- libtelnet/enc_des.c	13 Apr 2002 10:59:07 -0000	1.3.2.1
+++ libtelnet/enc_des.c	24 Apr 2003 06:26:11 -0000
@@ -225,7 +225,7 @@
 		*p++ = IAC;
 		*p++ = SE;
 		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
-		net_write(fbp->fb_feed, p - fbp->fb_feed);
+		telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
 		break;
 	default:
 		return(FAILED);
@@ -284,7 +284,7 @@
 		*p++ = IAC;
 		*p++ = SE;
 		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
-		net_write(fbp->fb_feed, p - fbp->fb_feed);
+		telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
 
 		state = fbp->state[DIR_DECRYPT-1] = IN_PROGRESS;
 		break;
@@ -309,7 +309,7 @@
 		*p++ = IAC;
 		*p++ = SE;
 		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
-		net_write(fbp->fb_feed, p - fbp->fb_feed);
+		telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
 
 		break;
 	}
Index: libtelnet/encrypt.c
===================================================================
RCS file: /usr/src/cvs/src/crypto/telnet/libtelnet/encrypt.c,v
retrieving revision 1.3.2.2
diff -u -r1.3.2.2 encrypt.c
--- libtelnet/encrypt.c	13 Apr 2002 10:59:07 -0000	1.3.2.2
+++ libtelnet/encrypt.c	24 Apr 2003 06:25:58 -0000
@@ -427,7 +427,7 @@
 		 */
 		if (!Server && autodecrypt)
 			encrypt_send_request_start();
-		net_write(str_send, str_suplen);
+		telnet_net_write(str_send, str_suplen);
 		printsub('>', &str_send[2], str_suplen - 2);
 		str_suplen = 0;
 	}
@@ -773,7 +773,7 @@
 	}
 	*strp++ = IAC;
 	*strp++ = SE;
-	net_write(str_keyid, strp - str_keyid);
+	telnet_net_write(str_keyid, strp - str_keyid);
 	printsub('>', &str_keyid[2], strp - str_keyid - 2);
 }
 
@@ -832,7 +832,7 @@
 	}
 	*p++ = IAC;
 	*p++ = SE;
-	net_write(str_start, p - str_start);
+	telnet_net_write(str_start, p - str_start);
 	net_encrypt();
 	printsub('>', &str_start[2], p - &str_start[2]);
 	/*
@@ -858,7 +858,7 @@
 		return;
 
 	str_end[3] = ENCRYPT_END;
-	net_write(str_end, sizeof(str_end));
+	telnet_net_write(str_end, sizeof(str_end));
 	net_encrypt();
 	printsub('>', &str_end[2], sizeof(str_end) - 2);
 	/*
@@ -886,7 +886,7 @@
 	}
 	*p++ = IAC;
 	*p++ = SE;
-	net_write(str_start, p - str_start);
+	telnet_net_write(str_start, p - str_start);
 	printsub('>', &str_start[2], p - &str_start[2]);
 	if (encrypt_debug_mode)
 		printf(">>>%s: Request input to be encrypted\r\n", Name);
@@ -896,7 +896,7 @@
 encrypt_send_request_end(void)
 {
 	str_end[3] = ENCRYPT_REQEND;
-	net_write(str_end, sizeof(str_end));
+	telnet_net_write(str_end, sizeof(str_end));
 	printsub('>', &str_end[2], sizeof(str_end) - 2);
 
 	if (encrypt_debug_mode)
Index: libtelnet/kerberos.c
===================================================================
RCS file: /usr/src/cvs/src/crypto/telnet/libtelnet/kerberos.c,v
retrieving revision 1.3.2.1
diff -u -r1.3.2.1 kerberos.c
--- libtelnet/kerberos.c	13 Apr 2002 10:59:07 -0000	1.3.2.1
+++ libtelnet/kerberos.c	24 Apr 2003 06:25:34 -0000
@@ -126,7 +126,7 @@
 	*p++ = SE;
 	if (str_data[3] == TELQUAL_IS)
 		printsub('>', &str_data[2], p - (&str_data[2]));
-	return(net_write(str_data, p - str_data));
+	return(telnet_net_write(str_data, p - str_data));
 }
 
 int
Index: libtelnet/kerberos5.c
===================================================================
RCS file: /usr/src/cvs/src/crypto/telnet/libtelnet/kerberos5.c,v
retrieving revision 1.1.1.1.8.1
diff -u -r1.1.1.1.8.1 kerberos5.c
--- libtelnet/kerberos5.c	13 Apr 2002 10:59:07 -0000	1.1.1.1.8.1
+++ libtelnet/kerberos5.c	24 Apr 2003 06:25:28 -0000
@@ -128,7 +128,7 @@
     *p++ = SE;
     if (str_data[3] == TELQUAL_IS)
 	printsub('>', &str_data[2], p - &str_data[2]);
-    return(net_write(str_data, p - str_data));
+    return(telnet_net_write(str_data, p - str_data));
 }
 
 int
Index: libtelnet/krb4encpwd.c
===================================================================
RCS file: /usr/src/cvs/src/crypto/telnet/libtelnet/krb4encpwd.c,v
retrieving revision 1.3.2.1
diff -u -r1.3.2.1 krb4encpwd.c
--- libtelnet/krb4encpwd.c	13 Apr 2002 10:59:07 -0000	1.3.2.1
+++ libtelnet/krb4encpwd.c	24 Apr 2003 06:25:19 -0000
@@ -146,7 +146,7 @@
 	*p++ = SE;
 	if (str_data[3] == TELQUAL_IS)
 		printsub('>', &str_data[2], p - (&str_data[2]));
-	return(net_write(str_data, p - str_data));
+	return(telnet_net_write(str_data, p - str_data));
 }
 
 	int
Index: libtelnet/misc-proto.h
===================================================================
RCS file: /usr/src/cvs/src/crypto/telnet/libtelnet/misc-proto.h,v
retrieving revision 1.1.1.1.8.1
diff -u -r1.1.1.1.8.1 misc-proto.h
--- libtelnet/misc-proto.h	13 Apr 2002 10:59:07 -0000	1.1.1.1.8.1
+++ libtelnet/misc-proto.h	24 Apr 2003 06:25:00 -0000
@@ -71,7 +71,7 @@
 /*
  * These functions are imported from the application
  */
-int net_write(unsigned char *, int);
+int telnet_net_write(unsigned char *, int);
 void net_encrypt(void);
 int telnet_spin(void);
 char *telnet_getenv(char *);
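Review bot: `net_encrypt` on the line after the renamed prototype keeps a generic, unprefixed name, while the other application-supplied callbacks in this block (`telnet_net_write`, `telnet_spin`, `telnet_getenv`) now carry the `telnet_` prefix. That leaves it open to the same kind of cross-library symbol clash this patch fixes for net_write. Whether any linked library actually defines `net_encrypt` is not visible here, but renaming it to `telnet_net_encrypt` in the same pass would close the gap. The block comment could also record why the prefix matters, e.g. `/* Imported from the application; keep the telnet_ prefix so these global symbols cannot shadow same-named functions in libroken/libkrb5. */`.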
Index: libtelnet/rsaencpwd.c
===================================================================
RCS file: /usr/src/cvs/src/crypto/telnet/libtelnet/rsaencpwd.c,v
retrieving revision 1.1.1.1.8.1
diff -u -r1.1.1.1.8.1 rsaencpwd.c
--- libtelnet/rsaencpwd.c	13 Apr 2002 10:59:07 -0000	1.1.1.1.8.1
+++ libtelnet/rsaencpwd.c	24 Apr 2003 06:24:53 -0000
@@ -142,7 +142,7 @@
 	*p++ = SE;
 	if (str_data[3] == TELQUAL_IS)
 		printsub('>', &str_data[2], p - (&str_data[2]));
-	return(net_write(str_data, p - str_data));
+	return(telnet_net_write(str_data, p - str_data));
 }
 
 	int
Index: libtelnet/sra.c
===================================================================
RCS file: /usr/src/cvs/src/crypto/telnet/libtelnet/sra.c,v
retrieving revision 1.1.2.7
diff -u -r1.1.2.7 sra.c
--- libtelnet/sra.c	16 May 2002 08:46:49 -0000	1.1.2.7
+++ libtelnet/sra.c	24 Apr 2003 06:24:46 -0000
@@ -106,7 +106,7 @@
         *p++ = SE;
 	if (str_data[3] == TELQUAL_IS)
 		printsub('>', &str_data[2], p - (&str_data[2]));
-        return(net_write(str_data, p - str_data));
+        return(telnet_net_write(str_data, p - str_data));
 }
 
 int
Index: telnet/authenc.c
===================================================================
RCS file: /usr/src/cvs/src/crypto/telnet/telnet/authenc.c,v
retrieving revision 1.2.8.2
diff -u -r1.2.8.2 authenc.c
--- telnet/authenc.c	13 Apr 2002 10:59:08 -0000	1.2.8.2
+++ telnet/authenc.c	24 Apr 2003 06:24:35 -0000
@@ -55,7 +55,7 @@
 #include "types.h"
 
 int
-net_write(unsigned char *str, int len)
+telnet_net_write(unsigned char *str, int len)
 {
 	if (NETROOM() > len) {
 		ring_supply_data(&netoring, str, len);
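Review bot: The guard `if (NETROOM() > len)` takes a signed `int len`, so a negative length passes the check and reaches `ring_supply_data(&netoring, str, len)`. The gdb frame quoted in the message shows exactly that, with len=-1077940804. The rename removes the misrouted caller, but the function would be more robust if it rejected bad lengths itself, e.g. `if (len >= 0 && NETROOM() > len) {`. The same applies to `nfrontp + len < netobuf + BUFSIZ` in the telnetd/authenc.c hunk, where a negative `len` also satisfies the comparison. Both function bodies continue outside their hunks, so what the failure path returns is not visible here.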
Index: telnetd/authenc.c
===================================================================
RCS file: /usr/src/cvs/src/crypto/telnet/telnetd/authenc.c,v
retrieving revision 1.4.2.2
diff -u -r1.4.2.2 authenc.c
--- telnetd/authenc.c	13 Apr 2002 10:59:08 -0000	1.4.2.2
+++ telnetd/authenc.c	24 Apr 2003 06:24:28 -0000
@@ -47,7 +47,7 @@
 #include <libtelnet/misc.h>
 
 int
-net_write(unsigned char *str, int len)
+telnet_net_write(unsigned char *str, int len)
 {
 	if (nfrontp + len < netobuf + BUFSIZ) {
 		output_datalen(str, len);

--------------030805080106090203000104--


