309634 |
06-Dec-2016 |
glebius |
Fix possible login(1) argument injection in telnetd(8). [SA-16:36] Fix link_ntoa(3) buffer overflow in libc. [SA-16:37] Fix possible escape from bhyve(8) virtual machine. [SA-16:38] Fix warnings about valid time zone abbreviations. [EN-16:19] Update timezone database information. [EN-16:20]
Security: FreeBSD-SA-16:36.telnetd Security: FreeBSD-SA-16:37.libc Security: FreeBSD-SA-16:38.bhyve Errata Notice: FreeBSD-EN-16:19.tzcode Errata Notice: FreeBSD-EN-16:20.tzdata Approved by: so |
296373 |
04-Mar-2016 |
marius |
- Copy stable/10@296371 to releng/10.3 in preparation for 10.3-RC1 builds. - Update newvers.sh to reflect RC1. - Update __FreeBSD_version to reflect 10.3. - Update default pkg(8) configuration to use the quarterly branch.
Approved by: re (implicit) |
275508 |
05-Dec-2014 |
ngie |
MFC r274364:
Add baud rate support to telnet(1)
This implements part of RFC-2217
It's based off a patch originally written by Sujal Patel at Isilon, and contributions from other Isilon employees.
PR: 173728 Phabric: D995 Reviewed by: markj, markm Sponsored by: EMC / Isilon Storage Division
|
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
251188 |
31-May-2013 |
marcel |
Fix "automatic" login, broken by revision 69825 (12 years, 5 months ago). The "automatic" login feature is described as follows: The USER environment variable holds the name of the person telnetting in. This is the username of the person on the client machine. The traditional behaviour is to execute login(1) with this username first, meaning that login(1) will prompt for the password only. If login fails, login(1) will retry, but now prompt for the username before prompting for the password.
This feature got broken by how the environment got scrubbed. Before the change in r69825 we removed variables that we deemed dangerous. Starting with r69825 we only keep those variable we know to be safe.
The USER environment variable fell through the cracks. It suddenly got scrubbed (i.e. removed from the environment) while still being checked for. It also got explicitly removed from the environment to handle the failed login case.
The fix is to obtain the value of the USER environment variable before we scrub the environment and used the "cached" in subsequent checks. This guarantees that the environment does not contain the USER variable in the end, while still being able to implement "automatic" login.
Obtained from: Juniper Networks, Inc.
|
241021 |
28-Sep-2012 |
kevlo |
Make sure that each va_start has one and only one matching va_end, especially in error cases.
|
228589 |
16-Dec-2011 |
dim |
In contrib/telnet/telnetd/utility.c, fix a few warnings about format strings not being literals.
MFC after: 1 week
|
202214 |
13-Jan-2010 |
ed |
Forgot a part that was missing in the previous commit.
There is no need to call trimdomain() anymore now that ut_host is big enough to fit decent hostnames.
|
202212 |
13-Jan-2010 |
ed |
Let telnetd build without utmp and logwtmp(3).
Just like rlogind, there is no need to change the ownership of the terminal during shutdown anymore. Also don't call logwtmp, because the login(1)/PAM is responsible for doing this. Also use SHUT_RDWR instead of 2.
|
201047 |
27-Dec-2009 |
ed |
Remove unneeded inclusion of <utmp.h> and dead variables.
|
188699 |
16-Feb-2009 |
cperciva |
Correctly scrub telnetd's environment.
Approved by: so (cperciva) Security: FreeBSD-SA-09:05.telnetd
|
184938 |
13-Nov-2008 |
ed |
Use strlcpy() instead of strcpy().
Requested by: mlaier
|
184935 |
13-Nov-2008 |
ed |
Convert telnetd(8) to use posix_openpt(2).
Some time ago I got some reports MPSAFE TTY broke telnetd(8). Even though it turned out to be a different problem within the TTY code, I spotted a small issue with telnetd(8). Instead of allocating PTY's using openpty(3) or posix_openpt(2), it used its own PTY allocation routine. This means that telnetd(8) still uses /dev/ptyXX-style devices.
I've also increased the size of line[]. Even though 16 should be enough, we already use 13 bytes ("/dev/pts/999", including '\0'). 32 bytes gives us a little more freedom.
Also enable -DSTREAMSPTY. Otherwise telnetd(8) strips the PTY's pathname to the latest slash instead of just removing "/dev/" (e.g. /dev/pts/0 -> 0, instead of pts/0).
Reviewed by: rink
|
182419 |
29-Aug-2008 |
trhodes |
List authentication types supported with "-X" taken from the libtelnet code.
PR: 121721
|
180931 |
28-Jul-2008 |
jhb |
Don't attempt authentication at all if it has been disabled via '-a off'. This works around a bug in HP-UX's telnet client and also gives a much saner user experience when using FreeBSD's telnet client.
PR: bin/19405 Submitted by: Joel Ray Holveck joelh of gnu.org MFC after: 1 month
|
162671 |
26-Sep-2006 |
ru |
Remove bogus casts of valid integer ioctl() arguments.
|
146468 |
21-May-2005 |
ume |
NI_WITHSCOPEID cleanup
|
140601 |
21-Jan-2005 |
ru |
- Soften sentence breaks. - Remove double whitespace. - Sort sections.
|
139937 |
09-Jan-2005 |
maxim |
o Make telnet[d] -S (IP TOS) flag really work. We do not have /etc/iptos implementation so only numeric values supported.
o telnetd.8: steal the -S flag description from telnet.1, bump the date of the document.
MFC after: 6 weeks
|
139713 |
05-Jan-2005 |
maxim |
o Add -4 and -6 flags to a man page and usage(). Bump the man page date.
|
132753 |
28-Jul-2004 |
kan |
Add missing () to function invocation.
|
118865 |
13-Aug-2003 |
harti |
Implement what has been documented for a long time: make -debug switch on socket debugging.
Okay'ed by: markm
|
114911 |
11-May-2003 |
markm |
Fix up external variables named "debug" that have a horrible habit of conflicting with other, similarly named functions in static libraries. This is done mostly by renaming the var if it is shared amongst modules, or making it static otherwise.
OK'ed by: re(scottl)
|
114630 |
04-May-2003 |
obrien |
Use __FBSDID vs. rcsid[]. Also protect sccs[] and copyright[] from GCC 3.3.
|
103956 |
25-Sep-2002 |
markm |
Catch up with "base" telnet. s/FALL THROUGH/FALLTHROUGH/ for lint(1).
|
97341 |
27-May-2002 |
jmallett |
Don't risk catching a signal while handling a signal for a dying child, as we can then end up not properly clearing wtmp/utmp entries.
PR: bin/37934 Submitted by: Sandeep Kumar <skumar@juniper.net> Reviewed by: markm MFC after: 2 weeks
|
90242 |
05-Feb-2002 |
sheldonh |
Don't use non-signal-safe functions (exit(3) in this case) in signal handlers. In this case, use _exit(2) instead, following the call to shutdown(2).
This fixes rare telnetd hangs.
PR: misc/33672 Submitted by: Umesh Krishnaswamy <umesh@juniper.net> MFC after: 1 month
|
87882 |
14-Dec-2001 |
ru |
mdoc(7) police: remove -r from SYNOPSIS, sort -p in DESCRIPTION.
|
87358 |
04-Dec-2001 |
ru |
Fixed bugs from previous revision.
Removed -s from SYNOPSIS and restored -S in DESCRIPTION.
|
87267 |
03-Dec-2001 |
markm |
More help for alpha WARNS=2. This code is, erm, unusual. Anyone who feels like rewriting it will meet no objection from me.
|
87155 |
30-Nov-2001 |
markm |
Damn. The previous mega-commit was incomplete WRT ANSIfication. This fixes that.
|
87139 |
30-Nov-2001 |
markm |
Very large style makeover.
1) ANSIfy. 2) Clean up ifdefs so that a) ones that never/always apply are appropriately either fully removed, or just the #if junk is removed. b) change #if defined(FOO) for appropiate values of FOO. (currently AUTHENTICATION and ENCRYPTION) 3) WARNS=2 fixing 4) GC other unused stuff
This code can now be unifdef(1)ed to make non-crypto telnet.
|
82497 |
29-Aug-2001 |
markm |
Manually unifdef(1) CRAY, UNICOS, hpux and sun uselsess code.
|
82326 |
25-Aug-2001 |
dd |
Remove description of an option that only applies to UNICOS < 7.0. That define may still be present in the source, but I don't think anyone has plans to try to use it.
Obtained from: NetBSD
|
81965 |
20-Aug-2001 |
markm |
Code merge and diff reduce with "base" telnet. This is the "later" telnet, so it was treated as the reference code, except where later commits were made to "base" telnet.
|
81622 |
14-Aug-2001 |
ru |
mdoc(7) police: s/BSD/.Bx/ where appropriate.
|
80224 |
23-Jul-2001 |
kris |
output_data(), output_datalen() and netflush() didn't actually guarantee to do what they are supposed to: under some circumstances output data would be truncated, or the buffer would not actually be flushed (possibly leading to overflows when the caller assumes the operation succeeded). Change the semantics so that these functions ensure they complete the operation before returning.
Comment out diagnostic code enabled by '-D reports' which causes an infinite recursion and an eventual crash.
Patch developed with assistance from ru and assar.
|
80038 |
20-Jul-2001 |
ru |
More potential buffer overflow fixes.
o Fixed `nfrontp' calculations in output_data(). If `remaining' is initially zero, it was possible for `nfrontp' to be decremented.
Noticed by: dillon
o Replaced leaking writenet() with output_datalen():
: * writenet : * : * Just a handy little function to write a bit of raw data to the net. : * It will force a transmit of the buffer if necessary : * : * arguments : * ptr - A pointer to a character string to write : * len - How many bytes to write : */ : void : writenet(ptr, len) : register unsigned char *ptr; : register int len; : { : /* flush buffer if no room for new data) */ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ : if ((&netobuf[BUFSIZ] - nfrontp) < len) { : /* if this fails, don't worry, buffer is a little big */ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ : netflush(); : } : : memmove(nfrontp, ptr, len); : nfrontp += len; : : } /* end of writenet */
What an irony! :-)
o Optimized output_datalen() a bit.
|
79992 |
19-Jul-2001 |
ru |
vsnprintf() can return a value larger than the buffer size.
Submitted by: assar Obtained from: OpenBSD
|
79981 |
19-Jul-2001 |
ru |
Fixed the exploitable remote buffer overflow.
Reported on: bugtraq Obtained from: Heimdal, NetBSD Reviewed by: obrien, imp
|
79528 |
10-Jul-2001 |
ru |
mdoc(7) police: removed HISTORY info from the .Os call.
|
72139 |
07-Feb-2001 |
asmodai |
Synch: Add $FreeBSD$.
|
72089 |
06-Feb-2001 |
asmodai |
Fix typo: seperate -> separate.
Seperate does not exist in the english language.
Submitted to look at by: kris
|
72083 |
06-Feb-2001 |
asmodai |
Fix typo: wierd -> weird.
There is no such thing as wierd in the english language.
|
71899 |
01-Feb-2001 |
ru |
mdoc(7) police: split punctuation characters + misc fixes.
|
70890 |
10-Jan-2001 |
ru |
Prepare for mdoc(7)NG.
|
69825 |
10-Dec-2000 |
assar |
(scrub_env): change to only accept a listed set of variables, including only non-filename contents for TERMCAP
|
69389 |
30-Nov-2000 |
asmodai |
Add more environment variables to be filtered through scrub_env(). Synched from normal telnet.
|
69387 |
30-Nov-2000 |
asmodai |
String paranoia fix. Synched from normal telnet.
|
69384 |
30-Nov-2000 |
asmodai |
String paranoia. Merged from regular telnet.
|
69223 |
26-Nov-2000 |
kris |
Correct definition of MAXHOSTNAMELEN in ifdef'ed code.
Submitted by: Edwin Groothuis <mavetju@chello.nl> PR: bin/22787
|
68965 |
20-Nov-2000 |
ru |
mdoc(7) police: use the new features of the Nm macro.
|
68575 |
10-Nov-2000 |
ru |
Avoid use of direct troff requests in mdoc(7) manual pages.
|
63248 |
16-Jul-2000 |
peter |
Add missing $FreeBSD$ to files that are NOT still on vendor a branch.
|
57414 |
24-Feb-2000 |
markm |
Freefall/Internat diff reducer.
|
56668 |
27-Jan-2000 |
shin |
another tcp apps IPv6 updates.(should be make world safe) ftp, telnet, ftpd, faithd also telnet related sync with crypto, secure, kerberosIV
Obtained from: KAME project
|
50479 |
28-Aug-1999 |
peter |
$Id$ -> $FreeBSD$
|
49901 |
16-Aug-1999 |
nsayer |
According to Mark Murray, Makefiles do not belong here. I guess we're going to have to figure something else out.
|
49887 |
16-Aug-1999 |
nsayer |
Add SRA authentication to src/crypto/telnet.
SRA does a Diffie-Hellmen exchange and then DES-encrypts the authentication data. If the authentication is successful, it also sets up a session key for DES encryption.
SRA was originally developed at Texas A&M University.
This code is probably export restricted (despite the fact that I originally found it at a University in Germany).
SRA is not perfect. It is vulnerable to monkey-in-the-middle attacks and does not use tremendously large DH constants (and thus an individual exchange probably could be factored in a few days on modern CPU horsepower). It does not, however, require any changes in user or administrative behavior and foils session hijacking and sniffing. The goal of this commit is that telnet and telnetd end up in the DES distribution and that therefore an encrypted session telnet becomes standard issue for FreeBSD.
|
45493 |
08-Apr-1999 |
brian |
MF libexec/telnetd: Determine the host name using an array size of MAXHOSTNAMELEN and call trimdomain() before implementing the -u option.
|
45428 |
07-Apr-1999 |
brian |
MF libexec/telnetd: MAXHOSTNAMELEN & -u fixes.
|
45395 |
06-Apr-1999 |
brian |
Use realhostname().
|
45377 |
06-Apr-1999 |
brian |
MF src/libexec/telnetd: Verify the reverse DNS lookup ala rlogind. Suggested by: markm
|
41858 |
16-Dec-1998 |
peter |
Old stuff laying around: Don't use getstr which can conflict with some curses/termcap/terminfo implementations and causes recursion.
|
41856 |
16-Dec-1998 |
peter |
Old stuff from a source tree: copy (verbatum) the code to expand the %s/%m in the default /etc/gettytab.
|
38728 |
01-Sep-1998 |
gpalmer |
Remove redundant decl. of time(). Causes problems on alpha
|
32688 |
22-Jan-1998 |
imp |
MFC: sprintf paranoia
|
31622 |
08-Dec-1997 |
charnier |
MFC: no \n in syslog strings. Change -P to -p in flags. EOF -> -1. Use err(3).
|
30212 |
08-Oct-1997 |
uhclem |
PR: bin/771 and bin/1037 are resolved by this change This change changes the default handling of linemode so that older and/or stupider telnet clients can still get wakeup characters like <ESC> and <CTRL>D to work correctly multiple times on the same line, as in csh "set filec" operations. It also causes CR and LF characters to be read by apps in certain terminal modes consistently, as opposed to returning CR sometimes and LF sometimes, which broke existing apps. The change was shown to fix the problem demonstrated in the FreeBSD telnet client, along with the telnet client in Solaris, SCO, Windows '95 & NT, DEC OSF, NCSA, and others.
A similar change was incorporated in the non-crypto version of telnetd.
This resolves bin/771 and bin/1037.
|
29181 |
07-Sep-1997 |
markm |
Bring the FreeBSD changes to the virgin sources.
|
29089 |
04-Sep-1997 |
markm |
This commit was generated by cvs2svn to compensate for changes in r29088, which included commits to RCS files with non-trunk default branches.
|