Resolves: #1882606 - in.telnetd needs to tolerate temporary EIO errors

This commit is contained in:
Michal Ruprich 2020-09-25 08:47:35 +02:00
parent b0d878d6ae
commit 7fe48cbcb5
2 changed files with 49 additions and 2 deletions

View File

@ -0,0 +1,42 @@
--- a/telnetd/telnetd.c
+++ b/telnetd/telnetd.c
@@ -772,7 +772,6 @@ void telnet(int f, int p)
int on = 1;
char *HE;
const char *IM;
- int pty_read_ok = 0; /* track whether the pty read has worked yet */
/*
* Initialize the slc mapping table.
@@ -1086,19 +1085,24 @@ void telnet(int f, int p)
* Something to read from the pty...
*/
if (FD_ISSET(p, &ibits)) {
+ int eio = 0;
+read_pty:
pcc = read(p, ptyibuf, BUFSIZ);
- /*
- * On some systems, if we try to read something
- * off the master side before the slave side is
- * opened, we get EIO.
- */
- if (pcc < 0 && (errno == EWOULDBLOCK || (errno == EIO && pty_read_ok == 0))) {
+ if (pcc < 0 && errno == EWOULDBLOCK) {
pcc = 0;
}
+ /*
+ * If we try to read something off the master side while the slave
+ * side is temporarily closed by login process, we get EIO.
+ */
+ else if (pcc < 0 && errno == EIO && eio < 1000) {
+ eio++;
+ poll(NULL, 0, 10);
+ goto read_pty;
+ }
else {
if (pcc <= 0)
break;
- pty_read_ok = 1; /* mark connection up for read */
#ifdef LINEMODE
/*
* If ioctl from pty, pass it through net

View File

@ -3,7 +3,7 @@
Summary: The client program for the Telnet remote login protocol
Name: telnet
Version: 0.17
Release: 80%{?dist}
Release: 81%{?dist}
Epoch: 1
License: BSD
Source0: ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/netkit-telnet-%{version}.tar.gz
@ -41,6 +41,7 @@ Patch30: netkit-telnet-0.17-manpage.patch
Patch31: netkit-telnet-0.17-telnetrc.patch
Patch32: telnet-log-address.patch
Patch33: telnet-0.17-overflow-exploit.patch
Patch34: telnet-0.17-pty-retry.patch
BuildRequires: ncurses-devel systemd gcc gcc-c++
BuildRequires: perl-interpreter
@ -97,6 +98,7 @@ mv telnet telnet-NETKIT
%patch31 -p1 -b .telnetrc
%patch32 -p1 -b .log-address
%patch33 -p1 -b .overflow
%patch34 -p1 -b .pty-retry
%build
%ifarch s390 s390x
@ -161,10 +163,13 @@ install -p -m644 %SOURCE6 ${RPM_BUILD_ROOT}%{_unitdir}/telnet.socket
%{_mandir}/man8/telnetd.8*
%changelog
* Fri Sep 25 2020 Michal Ruprich <mruprich@redhat.com> - 1:0.17-81
- Resolves: #1882606 - in.telnetd needs to tolerate temporary EIO errors
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.17-80
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri Mar 27 2020 Michal Ruprich <michalruprich@gmail.com> - 1:0.17-79
* Fri Mar 27 2020 Michal Ruprich <mruprich@redhat.com> - 1:0.17-79
- Resolves: #1814478 - Arbitrary remote code execution in utility.c via short writes or urgent data
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.17-78