Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 29 Sep 2022 22:36:20 GMT
From:      Brooks Davis <brooks@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: f2aa49e7fda5 - stable/12 - telnetd: fix two-byte input crash
Message-ID:  <202209292236.28TMaK1T039929@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch stable/12 has been updated by brooks:

URL: https://cgit.FreeBSD.org/src/commit/?id=f2aa49e7fda515163da188ec75dba223e2e52216

commit f2aa49e7fda515163da188ec75dba223e2e52216
Author:     Brooks Davis <brooks@FreeBSD.org>
AuthorDate: 2022-09-26 17:56:51 +0000
Commit:     Brooks Davis <brooks@FreeBSD.org>
CommitDate: 2022-09-29 22:36:09 +0000

    telnetd: fix two-byte input crash
    
    Move initialization of the slc table earlier so it doesn't get
    accessed before that happens.
    
    For details on the issue, see:
    https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html
    
    Reviewed by:    cy
    Obtained from:  NetBSD via cy
    Differential Revision:  https://reviews.freebsd.org/D36680
    
    (cherry picked from commit 6914ffef4e2318ca1d0ead28eafb6f06055ce0f8)
---
 contrib/telnet/telnetd/telnetd.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/contrib/telnet/telnetd/telnetd.c b/contrib/telnet/telnetd/telnetd.c
index 522877829735..e12fe70997ab 100644
--- a/contrib/telnet/telnetd/telnetd.c
+++ b/contrib/telnet/telnetd/telnetd.c
@@ -658,6 +658,11 @@ doit(struct sockaddr *who)
 	int err_; /* XXX */
 	int ptynum;
 
+	/*
+	 * Initialize the slc mapping table.
+	 */
+	get_slc_defaults();
+
 	/*
 	 * Find an available pty to use.
 	 */
@@ -741,11 +746,6 @@ telnet(int f, int p, char *host)
 	struct stat statbuf;
 	int nfd;
 
-	/*
-	 * Initialize the slc mapping table.
-	 */
-	get_slc_defaults();
-
 	/*
 	 * Do some tests where it is desireable to wait for a response.
 	 * Rather than doing them slowly, one at a time, do them all

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202209292236.28TMaK1T039929>