#
309636 |
|
06-Dec-2016 |
glebius |
Fix possible login(1) argument injection in telnetd(8). [SA-16:36]
Fix link_ntoa(3) buffer overflow in libc. [SA-16:37]
Fix possible escape from bhyve(8) virtual machine. [SA-16:38]
Fix warnings about valid time zone abbreviations. [EN-16:19]
Update timezone database information. [EN-16:20]
Security: FreeBSD-SA-16:36.telnetd
Security: FreeBSD-SA-16:37.libc
Security: FreeBSD-SA-16:38.bhyve
Errata Notice: FreeBSD-EN-16:19.tzcode
Errata Notice: FreeBSD-EN-16:20.tzdata
Approved by: so
|
#
272461 |
|
02-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of the 10.1-RELEASE process.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
#
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
#
251188 |
|
31-May-2013 |
marcel |
Fix "automatic" login, broken by revision 69825 (12 years, 5 months ago).
The "automatic" login feature is described as follows: The USER environment variable holds the name of the person telnetting in. This is the username of the person on the client machine. The traditional behaviour is to execute login(1) with this username first, meaning that login(1) will prompt for the password only. If login fails, login(1) will retry, but now prompt for the username before prompting for the password.
This feature got broken by how the environment got scrubbed. Before the change in r69825 we removed variables that we deemed dangerous. Starting with r69825 we only keep those variables we know to be safe.
The USER environment variable fell through the cracks. It suddenly got scrubbed (i.e. removed from the environment) while still being checked for. It also got explicitly removed from the environment to handle the failed login case.
The fix is to obtain the value of the USER environment variable before we scrub the environment and use the "cached" value in subsequent checks. This guarantees that the environment does not contain the USER variable in the end, while still being able to implement "automatic" login.
Obtained from: Juniper Networks, Inc.
|
#
202212 |
|
13-Jan-2010 |
ed |
Let telnetd build without utmp and logwtmp(3).
Just like rlogind, there is no need to change the ownership of the terminal during shutdown anymore. Also don't call logwtmp, because the login(1)/PAM is responsible for doing this. Also use SHUT_RDWR instead of 2.
|
#
201047 |
|
27-Dec-2009 |
ed |
Remove unneeded inclusion of <utmp.h> and dead variables.
|
#
188699 |
|
16-Feb-2009 |
cperciva |
Correctly scrub telnetd's environment.
Approved by: so (cperciva)
Security: FreeBSD-SA-09:05.telnetd
|
#
184938 |
|
13-Nov-2008 |
ed |
Use strlcpy() instead of strcpy().
Requested by: mlaier
|
#
184935 |
|
13-Nov-2008 |
ed |
Convert telnetd(8) to use posix_openpt(2).
Some time ago I got some reports MPSAFE TTY broke telnetd(8). Even though it turned out to be a different problem within the TTY code, I spotted a small issue with telnetd(8). Instead of allocating PTY's using openpty(3) or posix_openpt(2), it used its own PTY allocation routine. This means that telnetd(8) still uses /dev/ptyXX-style devices.
I've also increased the size of line[]. Even though 16 should be enough, we already use 13 bytes ("/dev/pts/999", including '\0'). 32 bytes gives us a little more freedom.
Also enable -DSTREAMSPTY. Otherwise telnetd(8) strips the PTY's pathname to the latest slash instead of just removing "/dev/" (e.g. /dev/pts/0 -> 0, instead of pts/0).
Reviewed by: rink
|
#
114630 |
|
04-May-2003 |
obrien |
Use __FBSDID vs. rcsid[]. Also protect sccs[] and copyright[] from GCC 3.3.
|
#
97341 |
|
27-May-2002 |
jmallett |
Don't risk catching a signal while handling a signal for a dying child, as we can then end up not properly clearing wtmp/utmp entries.
PR: bin/37934
Submitted by: Sandeep Kumar <skumar@juniper.net>
Reviewed by: markm
MFC after: 2 weeks
|
#
90242 |
|
05-Feb-2002 |
sheldonh |
Don't use non-signal-safe functions (exit(3) in this case) in signal handlers. In this case, use _exit(2) instead, following the call to shutdown(2).
This fixes rare telnetd hangs.
PR: misc/33672
Submitted by: Umesh Krishnaswamy <umesh@juniper.net>
MFC after: 1 month
|
#
87267 |
|
03-Dec-2001 |
markm |
More help for alpha WARNS=2. This code is, erm, unusual. Anyone who feels like rewriting it will meet no objection from me.
|
#
87155 |
|
30-Nov-2001 |
markm |
Damn. The previous mega-commit was incomplete WRT ANSIfication. This fixes that.
|
#
87139 |
|
30-Nov-2001 |
markm |
Very large style makeover.
1) ANSIfy.
2) Clean up ifdefs so that
   a) ones that never/always apply are appropriately either fully removed, or just the #if junk is removed.
   b) change #if defined(FOO) for appropriate values of FOO. (currently AUTHENTICATION and ENCRYPTION)
3) WARNS=2 fixing
4) GC other unused stuff
This code can now be unifdef(1)ed to make non-crypto telnet.
|
#
82497 |
|
29-Aug-2001 |
markm |
Manually unifdef(1) CRAY, UNICOS, hpux and sun useless code.
|
#
81965 |
|
20-Aug-2001 |
markm |
Code merge and diff reduce with "base" telnet. This is the "later" telnet, so it was treated as the reference code, except where later commits were made to "base" telnet.
|
#
69825 |
|
10-Dec-2000 |
assar |
(scrub_env): change to only accept a listed set of variables, including only non-filename contents for TERMCAP
|
#
69389 |
|
30-Nov-2000 |
asmodai |
Add more environment variables to be filtered through scrub_env(). Synched from normal telnet.
|
#
63249 |
|
16-Jul-2000 |
peter |
Forced commit. This is to try and help folks that used the international crypto repo and have slightly different files but with the same version. cvsup in 'checkout mode' has no trouble with this, but cvs can get really silly about it.
|
#
50479 |
|
27-Aug-1999 |
peter |
$Id$ -> $FreeBSD$
|
#
45428 |
|
07-Apr-1999 |
brian |
MF libexec/telnetd: MAXHOSTNAMELEN & -u fixes.
|
#
38728 |
|
01-Sep-1998 |
gpalmer |
Remove redundant decl. of time(). Causes problems on alpha
|
#
32688 |
|
21-Jan-1998 |
imp |
MFC: sprintf paranoia
|
#
31622 |
|
08-Dec-1997 |
charnier |
MFC: no \n in syslog strings. Change -P to -p in flags. EOF -> -1. Use err(3).
|
#
29181 |
|
07-Sep-1997 |
markm |
Bring the FreeBSD changes to the virgin sources.
|
#
29089 |
|
04-Sep-1997 |
markm |
This commit was generated by cvs2svn to compensate for changes in r29088, which included commits to RCS files with non-trunk default branches.
|
#
29088 |
|
04-Sep-1997 |
markm |
Initial import of BSD telnet. This will be used to build the kerberised telnet, and after userland diffs have been merged in, will be used to build the non-kerberised sources as well. (See unifdef(1) for details)
|