authorIsmael Luceno2021-01-19 19:16:52 +0100
committerIsmael Luceno2021-01-19 19:21:03 +0100
commit10f160796f625d6fdafa886011283200cf9493cd (patch)
tree53ace03e64ed2c2799c69f2652dd4175bf8961b3 /net
parent481994238add0379e7de79f9bc65ecbc95e4d716 (diff)
telnet-bsd: Fix security and portability issues
Diffstat (limited to 'net')
-rwxr-xr-xnet/telnet-bsd/DETAILS1
-rw-r--r--net/telnet-bsd/HISTORY9
-rwxr-xr-xnet/telnet-bsd/PRE_BUILD3
-rw-r--r--net/telnet-bsd/patches/0001-Let-telnetd-build-without-utmp-and-logwtmp-3--.patch64
-rw-r--r--net/telnet-bsd/patches/0002-portability-fixes.patch48
-rw-r--r--net/telnet-bsd/patches/telnet-bsd-1.2-format-security.patch54
6 files changed, 179 insertions, 0 deletions
diff --git a/net/telnet-bsd/DETAILS b/net/telnet-bsd/DETAILS
index 5e1779b09f..456788ad91 100755
--- a/net/telnet-bsd/DETAILS
+++ b/net/telnet-bsd/DETAILS
@@ -1,5 +1,6 @@
SPELL=telnet-bsd
VERSION=1.2
+ SECURITY_PATCH=1
SOURCE=$SPELL-$VERSION.tar.bz2
SOURCE_DIRECTORY=$BUILD_DIRECTORY/$SPELL-$VERSION
SOURCE_URL[0]=ftp://ftp.suse.com/pub/people/kukuk/ipv6/$SOURCE
diff --git a/net/telnet-bsd/HISTORY b/net/telnet-bsd/HISTORY
index 58e13fd1d0..17618db81f 100644
--- a/net/telnet-bsd/HISTORY
+++ b/net/telnet-bsd/HISTORY
@@ -1,3 +1,12 @@
+2021-01-19 Ismael Luceno <ismael@sourcemage.org>
+ * PRE_BUILD: added to apply patches
+ * patches/0001-Let-telnetd-build-without-utmp-and-logwtmp-3--.patch:
+ added patch to remove dependency on utmp; not needed on modern systems
+ * patches/0002-portability-fixes.patch: added portability fixes
+ * patches/telnet-bsd-1.2-format-security.patch:
+ fixed printf-related security issues
+ * DETAILS: SECURITY_PATCH++
+
2010-06-02 Robert Figura <template@sourcemage.org>
* CONFLICTS: krb5-appl, netkit-telnet
diff --git a/net/telnet-bsd/PRE_BUILD b/net/telnet-bsd/PRE_BUILD
new file mode 100755
index 0000000000..c230ad14bf
--- /dev/null
+++ b/net/telnet-bsd/PRE_BUILD
@@ -0,0 +1,3 @@
+default_pre_build &&
+cd "$SOURCE_DIRECTORY" &&
+apply_patch_dir patches
diff --git a/net/telnet-bsd/patches/0001-Let-telnetd-build-without-utmp-and-logwtmp-3--.patch b/net/telnet-bsd/patches/0001-Let-telnetd-build-without-utmp-and-logwtmp-3--.patch
new file mode 100644
index 0000000000..a165634c5d
--- /dev/null
+++ b/net/telnet-bsd/patches/0001-Let-telnetd-build-without-utmp-and-logwtmp-3--.patch
@@ -0,0 +1,64 @@
+From c2fd39cb4de1012b51b4770b4a596d930c261ea1 Mon Sep 17 00:00:00 2001
+From: Ed Schouten <ed@FreeBSD.org>
+Date: Wed, 13 Jan 2010 18:37:42 +0000
+Subject: [PATCH] Let telnetd build without utmp and logwtmp(3).
+
+Just like rlogind, there is no need to change the ownership of the
+terminal during shutdown anymore. Also don't call logwtmp, because the
+login(1)/PAM is responsible for doing this. Also use SHUT_RDWR instead
+of 2.
+
+[ismael@sourcemage.org: modified for the telnet-bsd package]
+
+---
+ telnetd/sys_term.c | 19 +------------------
+ telnetd/telnetd.c | 1 -
+ 2 files changed, 1 insertion(+), 19 deletions(-)
+
+diff --git a/telnetd/sys_term.c b/contrib/telnet/telnetd/sys_term.c
+index 498c3427b26d8..a7b0075f387d2 100644
+--- a/telnetd/sys_term.c
++++ b/telnetd/sys_term.c
+@@ -27,7 +27,6 @@
+ * SUCH DAMAGE.
+ */
+
+-#include <utmp.h>
+ #include <pty.h>
+
+ #include "telnetd.h"
+@@ -820,33 +819,8 @@ scrub_env(void)
+ void
+ cleanup (int sig)
+ {
+- sigset_t sigset;
+- char *p;
+ (void) sig;
+
+- p = line + sizeof ("/dev/") - 1;
+-
+- /* logout() is not thread safe, so make sure we don't
+- * receive another signal while we're in that function. */
+- sigfillset(&sigset);
+- sigprocmask(SIG_SETMASK, &sigset, &sigset);
+- if (logout (p))
+- logwtmp (p, "", "");
+- sigprocmask(SIG_SETMASK, &sigset, NULL);
+-#ifdef PARANOID_TTYS
+- /*
+- * dholland 16-Aug-96 chmod the tty when not in use
+- * This will make it harder to attach unwanted stuff to it
+- * (which is a security risk) but will break some programs.
+- */
+- chmod (line, 0600);
+-#else
+- chmod (line, 0666);
+-#endif
+- chown (line, 0, 0);
+- *p = 'p';
+- chmod (line, 0666);
+- chown (line, 0, 0);
+- shutdown (net, 2);
++ (void)shutdown(net, SHUT_RDWR);
+ exit (1);
+ }
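Review bot: Dropping the `chmod`/`chown` reset of `line` in `cleanup()` is only safe where the slave pty node goes away or is re-initialised when the session ends (devpts-style ptys); on a system still using static BSD-style pty nodes the device would keep the last user's owner and mode for whoever gets it next. The description carries FreeBSD's rationale, so the patch header should state the assumption for this package, e.g. `Assumes Unix98/devpts ptys; static pty nodes are no longer reset on exit.` The removed `logout()`/`logwtmp()` calls deserve the same check: if the login program in use does not close the utmp/wtmp record itself, ended sessions would linger in `who` and in login auditing, which is worth confirming on a glibc target.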
diff --git a/net/telnet-bsd/patches/0002-portability-fixes.patch b/net/telnet-bsd/patches/0002-portability-fixes.patch
new file mode 100644
index 0000000000..b76245420a
--- /dev/null
+++ b/net/telnet-bsd/patches/0002-portability-fixes.patch
@@ -0,0 +1,48 @@
+Portability fixes; required for musl libc.
+
+--- a/telnet/commands.c
++++ b/telnet/commands.c
+@@ -29,6 +29,7 @@
+
+ #include "telnet_locl.h"
+ #include <err.h>
++#include <unistd.h>
+
+ #if defined(IPPROTO_IP) && defined(IP_TOS)
+ int tos = -1;
+--- a/telnet/ring.h
++++ b/telnet/ring.h
+@@ -28,7 +28,8 @@
+ *
+ */
+
+-#include <sys/cdefs.h>
++#include <sys/types.h>
++#define __P(x) x
+ #define P __P
+
+ /*
+--- a/telnet/misc-proto.h
++++ b/telnet/misc-proto.h
+@@ -63,7 +63,7 @@
+ #ifndef __MISC_PROTO__
+ #define __MISC_PROTO__
+
+-#include <sys/cdefs.h>
++#define __P(x) x
+
+ void auth_encrypt_init __P((char *, char *, char *, int));
+ void auth_encrypt_user __P((char *));
+--- a/telnetd/setproctitle.c
++++ b/telnetd/setproctitle.c
+@@ -72,6 +72,9 @@
+ static char **Argv = NULL; /* pointer to argument vector */
+ static char *LastArgv = NULL; /* end of argv */
+ static char Argv0[128]; /* program name */
++extern char **environ;
++#undef __environ
++#define __environ environ
+
+ void
+ initsetproctitle(int argc, char **argv, char **envp)
+
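Review bot: In `telnet/ring.h` and `telnet/misc-proto.h` the new `#define __P(x) x` is unconditional, so on a libc whose headers already define `__P` (in `ring.h` it directly follows `#include <sys/types.h>`, which may pull such a definition in) the compiler sees a redefinition with a different parameter name and warns, or fails under `-Werror`. Guarding it keeps both libcs quiet: `#ifndef __P` / `#define __P(x) x` / `#endif`. The `__environ` remap in `telnetd/setproctitle.c` already does `#undef` first, so it does not have this problem.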
diff --git a/net/telnet-bsd/patches/telnet-bsd-1.2-format-security.patch b/net/telnet-bsd/patches/telnet-bsd-1.2-format-security.patch
new file mode 100644
index 0000000000..6870f2ee7c
--- /dev/null
+++ b/net/telnet-bsd/patches/telnet-bsd-1.2-format-security.patch
@@ -0,0 +1,54 @@
+Origin: Gentoo
+
+--- a/telnet/utilities.c
++++ b/telnet/utilities.c
+@@ -739,22 +739,22 @@ printsub(char direction, unsigned char *pointer, int length)
+ case ENV_VAR:
+ if (pointer[1] == TELQUAL_SEND)
+ goto def_case;
+- fprintf(NetTrace, "\" VAR " + noquote);
++ fprintf(NetTrace, "%s", "\" VAR " + noquote);
+ noquote = 2;
+ break;
+
+ case ENV_VALUE:
+- fprintf(NetTrace, "\" VALUE " + noquote);
++ fprintf(NetTrace, "%s", "\" VALUE " + noquote);
+ noquote = 2;
+ break;
+
+ case ENV_ESC:
+- fprintf(NetTrace, "\" ESC " + noquote);
++ fprintf(NetTrace, "%s", "\" ESC " + noquote);
+ noquote = 2;
+ break;
+
+ case ENV_USERVAR:
+- fprintf(NetTrace, "\" USERVAR " + noquote);
++ fprintf(NetTrace, "%s", "\" USERVAR " + noquote);
+ noquote = 2;
+ break;
+
+--- a/telnetd/utility.c
++++ b/telnetd/utility.c
+@@ -897,17 +897,17 @@ printsub(char direction, unsigned char *pointer, int length)
+ case ENV_VAR:
+ if (pointer[1] == TELQUAL_SEND)
+ goto def_case;
+- netoprintf("\" VAR " + noquote);
++ netoprintf("%s", "\" VAR " + noquote);
+ noquote = 2;
+ break;
+
+ case ENV_VALUE:
+- netoprintf("\" VALUE " + noquote);
++ netoprintf("%s", "\" VALUE " + noquote);
+ noquote = 2;
+ break;
+
+ case ENV_ESC:
+- netoprintf("\" ESC " + noquote);
++ netoprintf("%s", "\" ESC " + noquote);
+ noquote = 2;
+ break;
+
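Review bot: The `telnetd/utility.c` part stops after `ENV_ESC`, while the `telnet/utilities.c` part also converts the `ENV_USERVAR` case; if the daemon's `printsub()` has a matching `netoprintf("\" USERVAR " + noquote);` below the hunk, that call still passes a non-literal format and should get the same `"%s"` treatment. The hunk ends inside `printsub()`, so this cannot be confirmed from the lines shown. For the HISTORY entry or patch header it is also worth saying that the arguments are offsets into constant literals containing no `%`, so the change is hardening that keeps `-Wformat-security` builds working rather than a fix for an attacker-controlled format string.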