
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_4-53-g148057


From: Simon Josefsson
Subject: [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_4-53-g1480573
Date: Wed, 1 Jan 2020 09:29:19 -0500 (EST)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils".

The branch, master has been updated
       via  1480573a908254662074865406ac6fbde4694e5d (commit)
       via  8ac94f742ed9f3f84a311c004c27ad12597fc146 (commit)
      from  e1e70c849b5285419e445f6e049ef8e204a03491 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=1480573a908254662074865406ac6fbde4694e5d


commit 1480573a908254662074865406ac6fbde4694e5d
Author: Simon Josefsson <address@hidden>
Date:   Wed Jan 1 15:28:54 2020 +0100

    telnet: Validate supplied environment variables. CVE-2019-0053
    
    telnet/telnet.c (suboption): Use snprintf instead of sprintf.
    telnet/utilities.c (printsub): Likewise.

diff --git a/ChangeLog b/ChangeLog
index 9c83aae..18f4c04 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2020-01-01  Simon Josefsson  <address@hidden>
+
+       telnet: Validate supplied environment variables. CVE-2019-0053
+       * telnet/telnet.c (suboption): Use snprintf instead of sprintf.
+       * telnet/utilities.c (printsub): Likewise.
+
 2020-01-01  Guillem Jover  <address@hidden>  (tiny change)
 
        * ping/ping_echo.c (struct icmp_diag): Fix typo.
diff --git a/NEWS b/NEWS
index e22b36a..634ee41 100644
--- a/NEWS
+++ b/NEWS
@@ -127,6 +127,8 @@ of receiving ICMP packets other than ICMP_ECHOREPLY.
 
 Causes problems when sending binary data through telnet connections.
 
+** Validate supplied environment variables. CVE-2019-0053
+
 * telnetd
 
 ** Use tty, not pty on Solaris.
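Review bot: The added NEWS line "Validate supplied environment variables" promises more than the code hunks of this commit show. They replace sprintf with snprintf in suboption and printsub, which bounds the write but does not inspect or reject the variable's value. Consider wording the entry, and the matching ChangeLog line, as a bounded-formatting fix, so that readers following CVE-2019-0053 know over-long values are truncated rather than refused.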
diff --git a/telnet/telnet.c b/telnet/telnet.c
index a1a3fc4..c42bef1 100644
--- a/telnet/telnet.c
+++ b/telnet/telnet.c
@@ -859,7 +859,7 @@ suboption (void)
          len = strlen (name) + 4 + 2;
          if (len < NETROOM ())
            {
-             sprintf ((char *) temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE,
+             snprintf ((char *) temp, sizeof (temp), "%c%c%c%c%s%c%c", IAC, 
SB, TELOPT_TTYPE,
                       TELQUAL_IS, name, IAC, SE);
              ring_supply_data (&netoring, temp, len);
              printsub ('>', &temp[2], len - 2);
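Review bot: In the TTYPE branch, len is still computed as strlen (name) + 4 + 2 and only compared against NETROOM (), so nothing in this hunk ties it to sizeof (temp). When name is long enough for snprintf to truncate, ring_supply_data (&netoring, temp, len) and printsub ('>', &temp[2], len - 2) still receive the untruncated len and can read past the end of temp. Add a len < sizeof (temp) condition next to the NETROOM () test (or test the snprintf return value) and skip sending the suboption when it does not fit.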
@@ -883,7 +883,7 @@ suboption (void)
 
          TerminalSpeeds (&ispeed, &ospeed);
 
-         sprintf ((char *) temp, "%c%c%c%c%d,%d%c%c", IAC, SB, TELOPT_TSPEED,
+         snprintf ((char *) temp, sizeof (temp), "%c%c%c%c%d,%d%c%c", IAC, SB, 
TELOPT_TSPEED,
                   TELQUAL_IS, (int) ospeed, (int) ispeed, IAC, SE);
          len = strlen ((char *) temp + 4) + 4; /* temp[3] is 0 ... */
 
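Review bot: The snprintf return value is discarded in the TSPEED branch, and len is then recovered with strlen ((char *) temp + 4) + 4, which relies on temp[3] being 0. Taking len from the snprintf result, and treating a result that is negative or >= sizeof (temp) as an error, would make the length and the truncation check come from one place.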
@@ -997,7 +997,7 @@ suboption (void)
              send_wont (TELOPT_XDISPLOC, 1);
              break;
            }
-         sprintf ((char *) temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_XDISPLOC,
+         snprintf ((char *) temp, sizeof (temp), "%c%c%c%c%s%c%c", IAC, SB, 
TELOPT_XDISPLOC,
                   TELQUAL_IS, dp, IAC, SE);
          len = strlen ((char *) temp + 4) + 4; /* temp[3] is 0 ... */
 
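Review bot: For XDISPLOC, dp is formatted with %s and a truncated result goes undetected: the strlen-based len on the next line then describes a suboption that has lost its closing IAC SE, so whatever is sent from temp is a malformed subnegotiation. Check the snprintf return value against sizeof (temp) and, when the value does not fit, take the same send_wont (TELOPT_XDISPLOC, 1); break; path shown just above.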
diff --git a/telnet/utilities.c b/telnet/utilities.c
index fb00cc5..44b66d2 100644
--- a/telnet/utilities.c
+++ b/telnet/utilities.c
@@ -730,7 +730,7 @@ printsub (char direction, unsigned char *pointer, int 
length)
              {
                char tbuf[64];
 
-               sprintf (tbuf, "%s%s%s%s%s",
+               snprintf (tbuf, sizeof (tbuf), "%s%s%s%s%s",
                         pointer[2] & MODE_EDIT ? "|EDIT" : "",
                         pointer[2] & MODE_TRAPSIG ? "|TRAPSIG" : "",
                         pointer[2] & MODE_SOFT_TAB ? "|SOFT_TAB" : "",
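Review bot: The arguments visible for this call in printsub are fixed string literals selected by MODE_* bits, so bounding the write to the 64-byte tbuf is hardening rather than a fix for environment-supplied input. The ChangeLog "Likewise" groups it with the suboption changes without saying so. A separate ChangeLog clause would keep the CVE-relevant call sites distinguishable from the defensive one.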

http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=8ac94f742ed9f3f84a311c004c27ad12597fc146


commit 8ac94f742ed9f3f84a311c004c27ad12597fc146
Author: Simon Josefsson <address@hidden>
Date:   Wed Jan 1 15:26:47 2020 +0100

    NEWS: Fix markup (silent change).

diff --git a/NEWS b/NEWS
index 96cc87c..e22b36a 100644
--- a/NEWS
+++ b/NEWS
@@ -123,7 +123,8 @@ of receiving ICMP packets other than ICMP_ECHOREPLY.
 
 * telnet
 
-Telnet -E(no escape) is treating _POSIX_VDISABLE char as escape.
+** Telnet -E(no escape) is treating _POSIX_VDISABLE char as escape.
+
 Causes problems when sending binary data through telnet connections.
 
 * telnetd

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog          | 6 ++++++
 NEWS               | 5 ++++-
 telnet/telnet.c    | 6 +++---
 telnet/utilities.c | 2 +-
 4 files changed, 14 insertions(+), 5 deletions(-)


hooks/post-receive
-- 
GNU Inetutils 


