[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 3/3] telnet: Avoid command evaluation crashes.
From: |
Erik Auerswald |
Subject: |
Re: [PATCH 3/3] telnet: Avoid command evaluation crashes. |
Date: |
Sat, 3 Sep 2022 19:07:52 +0200 |
Hello Simon,
On Sat, Sep 03, 2022 at 05:39:45PM +0200, Simon Josefsson wrote:
> Erik Auerswald <auerswal@unix-ag.uni-kl.de> writes:
>
> >> Please test commit access by pushing the patch, after writing
> >> a suitable NEWS entry.
> >
> > I have just committed and pushed the telnetd crash fix patch[1],
> > including a NEWS entry.
> >
> > [1] https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html
>
> Looks great!
Thanks! :-)
> [...]
> did you notice some fuzzing report that wasn't fixed?
I think the following reports have not yet been addressed:
* Problems found in ftp (the code did not change since the reports):
* Untrusted Pointer Dereference in domacro() at inetutils/ftp/domacro.c:186
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00003.html
(https://savannah.gnu.org/bugs/?61722)
* Infinite Loop in domacro at domacro.c:258
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00005.html
https://savannah.gnu.org/bugs/?61724
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00008.html
* A heap-buffer-overflow in another () at cmds.c:202
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00016.html
* NULL Pointer Dereference in setnmap() at cmds.c:2303
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00004.html
https://savannah.gnu.org/bugs/?61723
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00013.html
* Problems found in tftp (the code did not change since the report):
* Untrusted Pointer Dereference in getcmd() at inetutils/src/tftp.c:878
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00018.html
At first glance the above problems might be caused by feeding unexpected
input to the ftp and tftp clients.
AFAIK the other fuzzer-based crash reports have already been addressed
before the release of GNU Inetutils 2.3:
* I think you addressed the following two reports:
* Heap-based Buffer Overflow in logger
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00015.html
(see git commit 8e0df0e80b156a09ff361050bac38bbdcda03aef)
* Memory leak in ifconfig
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00014.html
(see git commit 6599d2be88c4e44ef88470aef16bf10bd7d67884)
[ I did not analyze the above two bug reports or the commits intended ]
[ to fix the issues. I just assume that they are addressed based on ]
[ the commit log. :-) ]
* My patches should have addressed all the reports pertaining to telnet:
* NULL Pointer Dereference in setcmd () at commands.c:1152
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00017.html
* NULL Pointer Dereference in unsetcmd() at inetutils/telnet/commands.c:1227
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00007.html
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00011.html
* NULL Pointer Dereference in help() at inetutils/telnet/commands.c:3094
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00006.html
https://savannah.gnu.org/bugs/?61725
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00009.html
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00012.html
> I have a re-implementation of 'arp' that belongs in inetutils, maybe I
> should finally add it...
I have no objections. ;-)
Thanks,
Erik
- Re: [PATCH 3/3] telnet: Avoid command evaluation crashes., Erik Auerswald, 2022/09/02
- Re: [PATCH 3/3] telnet: Avoid command evaluation crashes., Simon Josefsson, 2022/09/02
- TFTP client crash seems to be caused by missing bounds check in makeargv(), Erik Auerswald, 2022/09/04
- Re: TFTP client crash seems to be caused by missing bounds check in makeargv(), Erik Auerswald, 2022/09/04
- Re: TFTP client crash seems to be caused by missing bounds check in makeargv(), Simon Josefsson, 2022/09/06
- Re: TFTP client crash seems to be caused by missing bounds check in makeargv(), Erik Auerswald, 2022/09/07
- Re: TFTP client crash seems to be caused by missing bounds check in makeargv(), Simon Josefsson, 2022/09/08
- How to check for perl or usable printf tools?, Erik Auerswald, 2022/09/11
- Re: How to check for perl or usable printf tools?, Simon Josefsson, 2022/09/12