import telnet-0.17-74.el8_3.1

2021-02-16 02:40:53 -05:00 · 2021-02-16 02:40:53 -05:00 · 6faf140d20
commit 6faf140d20
parent 4381e14355
2 changed files with 50 additions and 3 deletions
--- a/SOURCES/telnet-0.17-pty-retry.patch
+++ b/SOURCES/telnet-0.17-pty-retry.patch
@ -0,0 +1,42 @@
+--- a/telnetd/telnetd.c
+++ b/telnetd/telnetd.c
+@@ -772,7 +772,6 @@ void telnet(int f, int p)
+     int on = 1;
+     char *HE;
+     const char *IM;
+-    int pty_read_ok = 0; /* track whether the pty read has worked yet */
+ 
+     /*
+      * Initialize the slc mapping table.
+@@ -1086,19 +1085,24 @@ void telnet(int f, int p)
+ 	 * Something to read from the pty...
+ 	 */
+ 	if (FD_ISSET(p, &ibits)) {
+	    int eio = 0;
+read_pty:
+ 	    pcc = read(p, ptyibuf, BUFSIZ);
+-	    /*
+-	     * On some systems, if we try to read something
+-	     * off the master side before the slave side is
+-	     * opened, we get EIO.
+-	     */
+-	    if (pcc < 0 && (errno == EWOULDBLOCK || (errno == EIO && pty_read_ok == 0))) {
+	    if (pcc < 0 && errno == EWOULDBLOCK) {
+ 		pcc = 0;
+ 	    } 
+	    /*
+	     * If we try to read something off the master side while the slave
+	     * side is temporarily closed by login process, we get EIO.
+	     */
+	    else if (pcc < 0 && errno == EIO && eio < 1000) {
+		    eio++;
+		    poll(NULL, 0, 10);
+		    goto read_pty;
+	    }
+ 	    else {
+ 		if (pcc <= 0)
+ 		    break;
+-		pty_read_ok = 1;	/* mark connection up for read */
+ #ifdef	LINEMODE
+ 				/*
+ 				 * If ioctl from pty, pass it through net
--- a/SPECS/telnet.spec
+++ b/SPECS/telnet.spec
@ -3,7 +3,7 @@
 Summary: The client program for the Telnet remote login protocol
 Name: telnet
 Version: 0.17
-Release: 73%{?dist}.1
+Release: 74%{?dist}.1
 Epoch: 1
 License: BSD
 Group: Applications/Internet
@ -42,6 +42,7 @@ Patch30: netkit-telnet-0.17-manpage.patch
 Patch31: netkit-telnet-0.17-covscan.patch
 Patch32: telnet-log-address.patch
 Patch33: telnet-0.17-overflow-exploit.patch
+Patch34: telnet-0.17-pty-retry.patch

 BuildRequires: ncurses-devel systemd
 BuildRequires: perl-interpreter
@ -99,6 +100,7 @@ mv telnet telnet-NETKIT
 %patch31 -p1 -b .covscan
 %patch32 -p1 -b .log-address
 %patch33 -p1 -b .overflow
+%patch34 -p1 -b .pty-retry

 %build
 %ifarch s390 s390x
@ -164,8 +166,11 @@ install -p -m644 %SOURCE6 ${RPM_BUILD_ROOT}%{_unitdir}/telnet.socket
 %{_mandir}/man8/telnetd.8*

 %changelog
-* Thu Mar 26 2020 Michal Ruprich <michalruprich@gmail.com> - 1:0.17-73.1
- Resolves: #1814473 - Arbitrary remote code execution in utility.c via short writes or urgent data
+* Tue Dec 15 2020 Michal Ruprich <mruprich@redhat.com> - 1:0.17-74.1
+- Resolves: #1907283 - in.telnetd needs to tolerate temporary EIO errors
+
+* Thu Mar 26 2020 Michal Ruprich <michalruprich@gmail.com> - 1:0.17-74
+- Resolves: #1814474 - Arbitrary remote code execution in utility.c via short writes or urgent data

 * Thu Oct 04 2018 Michal Ruprich <mruprich@redhat.com> - 1:0.17-73
 - Resolves: #1602711 - Please review important issues found by covscan