Diffstat (limited to 'share/security/patches/SA-01:25')
-rw-r--r--share/security/patches/SA-01:25/telnetd-krb.3.5.1.patch247
-rw-r--r--share/security/patches/SA-01:25/telnetd-krb.3.5.1.patch.asc10
-rw-r--r--share/security/patches/SA-01:25/telnetd-krb.4.2.patch247
-rw-r--r--share/security/patches/SA-01:25/telnetd-krb.4.2.patch.asc10
4 files changed, 514 insertions, 0 deletions
diff --git a/share/security/patches/SA-01:25/telnetd-krb.3.5.1.patch b/share/security/patches/SA-01:25/telnetd-krb.3.5.1.patch
new file mode 100644
index 0000000000..7e8013db7f
--- /dev/null
+++ b/share/security/patches/SA-01:25/telnetd-krb.3.5.1.patch
@@ -0,0 +1,247 @@
+Index: crypto/kerberosIV/lib/krb/kdc_reply.c
+===================================================================
+RCS file: /mnt/ncvs/src/crypto/kerberosIV/lib/krb/kdc_reply.c,v
+retrieving revision 1.1.1.1.4.1
+retrieving revision 1.1.1.1.4.2
+diff -u -u -r1.1.1.1.4.1 -r1.1.1.1.4.2
+--- crypto/kerberosIV/lib/krb/kdc_reply.c 2000/07/04 15:04:26 1.1.1.1.4.1
++++ crypto/kerberosIV/lib/krb/kdc_reply.c 2000/12/15 03:02:19 1.1.1.1.4.2
+@@ -121,6 +121,9 @@
+ p += krb_get_int(p, &exp_date, 4, little_endian);
+ p++; /* master key version number */
+ p += krb_get_int(p, &clen, 2, little_endian);
++ if (reply->length - (p - reply->dat) < clen)
++ return INTK_PROT;
++
+ cip->length = clen;
+ memcpy(cip->dat, p, clen);
+ p += clen;
+Index: crypto/kerberosIV/lib/krb/tf_util.c
+===================================================================
+RCS file: /mnt/ncvs/src/crypto/kerberosIV/lib/krb/tf_util.c,v
+retrieving revision 1.1.1.1.4.1
+retrieving revision 1.1.1.1.4.2
+diff -u -u -r1.1.1.1.4.1 -r1.1.1.1.4.2
+--- crypto/kerberosIV/lib/krb/tf_util.c 2000/07/04 15:04:27 1.1.1.1.4.1
++++ crypto/kerberosIV/lib/krb/tf_util.c 2000/12/15 03:01:31 1.1.1.1.4.2
+@@ -249,20 +249,6 @@
+ int
+ tf_create(char *tf_name)
+ {
+- struct stat statbuf;
+- char garbage[BUFSIZ];
+-
+- fd = open(tf_name, O_RDWR | O_BINARY, 0);
+- if (fd >= 0) {
+- if (fstat (fd, &statbuf) == 0) {
+- int i;
+-
+- for (i = 0; i < statbuf.st_size; i += sizeof(garbage))
+- write (fd, garbage, sizeof(garbage));
+- }
+- close (fd);
+- }
+-
+ if (unlink (tf_name) && errno != ENOENT)
+ return TKT_FIL_ACC;
+
+Index: crypto/kerberosIV/lib/krb/extra.c
+===================================================================
+RCS file: /mnt/ncvs/src/crypto/kerberosIV/lib/krb/extra.c,v
+retrieving revision 1.1.1.2.4.1
+retrieving revision 1.1.1.2.4.2
+diff -u -u -r1.1.1.2.4.1 -r1.1.1.2.4.2
+--- crypto/kerberosIV/lib/krb/extra.c 2000/07/04 15:04:25 1.1.1.2.4.1
++++ crypto/kerberosIV/lib/krb/extra.c 2000/12/15 03:01:04 1.1.1.2.4.2
+@@ -70,30 +70,6 @@
+
+ #ifndef WIN32
+
+-struct obsolete {
+- const char *from;
+- const char *to;
+-} obsolete [] = {
+- { "KDC_TIMESYNC", "kdc_timesync" },
+- { "KRB_REVERSE_DIRECTION", "reverse_lsb_test"},
+- { "krb4_proxy", "krb4_proxy"},
+- { NULL, NULL }
+-};
+-
+-static void
+-check_obsolete(void)
+-{
+- struct obsolete *r;
+- for(r = obsolete; r->from; r++) {
+- if(getenv(r->from)) {
+- krb_warning("The environment variable `%s' is obsolete;\n"
+- "set `%s' in your `krb.extra' file instead\n",
+- r->from, r->to);
+- define_variable(r->to, getenv(r->from));
+- }
+- }
+-}
+-
+ static int
+ read_extra_file(void)
+ {
+@@ -103,7 +79,6 @@
+ if(_krb_extra_read)
+ return 0;
+ _krb_extra_read = 1;
+- check_obsolete();
+ while(krb_get_krbextra(i++, file, sizeof(file)) == 0) {
+ FILE *f = fopen(file, "r");
+ if(f == NULL)
+Index: crypto/telnet/telnetd/sys_term.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/telnet/telnetd/sys_term.c,v
+retrieving revision 1.5.2.2
+retrieving revision 1.5.2.3
+diff -u -r1.5.2.2 -r1.5.2.3
+--- crypto/telnet/telnetd/sys_term.c 1999/08/29 16:18:10 1.5.2.2
++++ crypto/telnet/telnetd/sys_term.c 2000/12/15 03:00:11 1.5.2.3
+@@ -1839,27 +1839,48 @@
+ /*
+ * scrub_env()
+ *
+- * Remove a few things from the environment that
+- * don't need to be there.
++ * We only accept the environment variables listed below.
+ */
+ void
+ scrub_env()
+ {
+- register char **cpp, **cpp2;
++ static const char *reject[] = {
++ "TERMCAP=/",
++ NULL
++ };
+
+- for (cpp2 = cpp = environ; *cpp; cpp++) {
+-#ifdef __FreeBSD__
+- if (strncmp(*cpp, "LD_LIBRARY_PATH=", 16) &&
+- strncmp(*cpp, "LD_PRELOAD=", 11) &&
+-#else
+- if (strncmp(*cpp, "LD_", 3) &&
+- strncmp(*cpp, "_RLD_", 5) &&
+- strncmp(*cpp, "LIBPATH=", 8) &&
+-#endif
+- strncmp(*cpp, "IFS=", 4))
+- *cpp2++ = *cpp;
+- }
+- *cpp2 = 0;
++ static const char *accept[] = {
++ "XAUTH=", "XAUTHORITY=", "DISPLAY=",
++ "TERM=",
++ "EDITOR=",
++ "PAGER=",
++ "LOGNAME=",
++ "POSIXLY_CORRECT=",
++ "PRINTER=",
++ NULL
++ };
++
++ char **cpp, **cpp2;
++ const char **p;
++
++ for (cpp2 = cpp = environ; *cpp; cpp++) {
++ int reject_it = 0;
++
++ for(p = reject; *p; p++)
++ if(strncmp(*cpp, *p, strlen(*p)) == 0) {
++ reject_it = 1;
++ break;
++ }
++ if (reject_it)
++ continue;
++
++ for(p = accept; *p; p++)
++ if(strncmp(*cpp, *p, strlen(*p)) == 0)
++ break;
++ if(*p != NULL)
++ *cpp2++ = *cpp;
++ }
++ *cpp2 = NULL;
+ }
+
+ /*
+Index: libexec/telnetd/sys_term.c
+===================================================================
+RCS file: /home/ncvs/src/libexec/telnetd/sys_term.c,v
+retrieving revision 1.20.2.4
+retrieving revision 1.20.2.5
+diff -u -r1.20.2.4 -r1.20.2.5
+--- libexec/telnetd/sys_term.c 2000/11/20 03:09:37 1.20.2.4
++++ libexec/telnetd/sys_term.c 2000/12/15 02:59:15 1.20.2.5
+@@ -1778,34 +1778,48 @@
+ /*
+ * scrub_env()
+ *
+- * Remove a few things from the environment that
+- * don't need to be there.
++ * We only accept the environment variables listed below.
+ */
+ void
+ scrub_env()
+ {
+- register char **cpp, **cpp2;
++ static const char *reject[] = {
++ "TERMCAP=/",
++ NULL
++ };
+
+- for (cpp2 = cpp = environ; *cpp; cpp++) {
+-#ifdef __FreeBSD__
+- if (strncmp(*cpp, "LD_LIBRARY_PATH=", 16) &&
+- strncmp(*cpp, "LD_PRELOAD=", 11) &&
+-#else
+- if (strncmp(*cpp, "LD_", 3) &&
+- strncmp(*cpp, "_RLD_", 5) &&
+- strncmp(*cpp, "LIBPATH=", 8) &&
+-#endif
+- strncmp(*cpp, "LOCALDOMAIN=", 12) &&
+- strncmp(*cpp, "RES_OPTIONS=", 12) &&
+- strncmp(*cpp, "TERMINFO=", 9) &&
+- strncmp(*cpp, "TERMINFO_DIRS=", 14) &&
+- strncmp(*cpp, "TERMPATH=", 9) &&
+- strncmp(*cpp, "TERMCAP=/", 9) &&
+- strncmp(*cpp, "ENV=", 4) &&
+- strncmp(*cpp, "IFS=", 4))
+- *cpp2++ = *cpp;
+- }
+- *cpp2 = 0;
++ static const char *accept[] = {
++ "XAUTH=", "XAUTHORITY=", "DISPLAY=",
++ "TERM=",
++ "EDITOR=",
++ "PAGER=",
++ "LOGNAME=",
++ "POSIXLY_CORRECT=",
++ "PRINTER=",
++ NULL
++ };
++
++ char **cpp, **cpp2;
++ const char **p;
++
++ for (cpp2 = cpp = environ; *cpp; cpp++) {
++ int reject_it = 0;
++
++ for(p = reject; *p; p++)
++ if(strncmp(*cpp, *p, strlen(*p)) == 0) {
++ reject_it = 1;
++ break;
++ }
++ if (reject_it)
++ continue;
++
++ for(p = accept; *p; p++)
++ if(strncmp(*cpp, *p, strlen(*p)) == 0)
++ break;
++ if(*p != NULL)
++ *cpp2++ = *cpp;
++ }
++ *cpp2 = NULL;
+ }
+
+ /*
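Review bot: The bound added in the kdc_reply.c hunk, `if (reply->length - (p - reply->dat) < clen)`, only compares `clen` with the bytes left in the reply; nothing visible checks that `p` is still inside `reply->dat`, or that `clen` fits the destination `cip->dat` before the `memcpy`. If the field parsing before this point (outside the hunk) can advance `p` past `reply->length`, the subtraction goes negative, and the outcome then depends on the signedness of `length` and `clen`, which the hunk does not show. I would make both conditions explicit, e.g. `if (p - reply->dat > reply->length || clen > sizeof(cip->dat) || reply->length - (p - reply->dat) < clen) return INTK_PROT;`, assuming `dat` is a fixed-size array. The same hunk is repeated in telnetd-krb.4.2.patch, and the enclosing function begins and ends outside the hunk.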
diff --git a/share/security/patches/SA-01:25/telnetd-krb.3.5.1.patch.asc b/share/security/patches/SA-01:25/telnetd-krb.3.5.1.patch.asc
new file mode 100644
index 0000000000..6241b7cdad
--- /dev/null
+++ b/share/security/patches/SA-01:25/telnetd-krb.3.5.1.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOopfPFUuHi5z0oilAQFDqwQAjHGF/msHy+cpVFUxPoHFF8tuuH8MndOm
+G8onJCiWdlRMC7U5oZ7cWWrYTY32BNMxREjpLxIbrT2ZGSihIhumqepzBcT743LV
+TCl8IJDhFkvPr2zGEIhF62NjgA3XSuHFw+8/jwCiM0wy3b+2NWK7U1ebpwCEgcmU
+3IW56iGH7ek=
+=1ddc
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:25/telnetd-krb.4.2.patch b/share/security/patches/SA-01:25/telnetd-krb.4.2.patch
new file mode 100644
index 0000000000..66e87549cd
--- /dev/null
+++ b/share/security/patches/SA-01:25/telnetd-krb.4.2.patch
@@ -0,0 +1,247 @@
+Index: crypto/kerberosIV/lib/krb/tf_util.c
+===================================================================
+RCS file: /mnt/ncvs/src/crypto/kerberosIV/lib/krb/tf_util.c,v
+retrieving revision 1.1.1.3
+retrieving revision 1.1.1.3.2.1
+diff -u -u -r1.1.1.3 -r1.1.1.3.2.1
+--- crypto/kerberosIV/lib/krb/tf_util.c 2000/01/09 08:29:11 1.1.1.3
++++ crypto/kerberosIV/lib/krb/tf_util.c 2000/12/12 03:07:56 1.1.1.3.2.1
+@@ -249,20 +249,6 @@
+ int
+ tf_create(char *tf_name)
+ {
+- struct stat statbuf;
+- char garbage[BUFSIZ];
+-
+- fd = open(tf_name, O_RDWR | O_BINARY, 0);
+- if (fd >= 0) {
+- if (fstat (fd, &statbuf) == 0) {
+- int i;
+-
+- for (i = 0; i < statbuf.st_size; i += sizeof(garbage))
+- write (fd, garbage, sizeof(garbage));
+- }
+- close (fd);
+- }
+-
+ if (unlink (tf_name) && errno != ENOENT)
+ return TKT_FIL_ACC;
+
+Index: crypto/kerberosIV/lib/krb/kdc_reply.c
+===================================================================
+RCS file: /mnt/ncvs/src/crypto/kerberosIV/lib/krb/kdc_reply.c,v
+retrieving revision 1.1.1.3
+retrieving revision 1.1.1.3.2.1
+diff -u -u -r1.1.1.3 -r1.1.1.3.2.1
+--- crypto/kerberosIV/lib/krb/kdc_reply.c 2000/01/09 08:28:38 1.1.1.3
++++ crypto/kerberosIV/lib/krb/kdc_reply.c 2000/12/12 03:07:17 1.1.1.3.2.1
+@@ -121,6 +121,9 @@
+ p += krb_get_int(p, &exp_date, 4, little_endian);
+ p++; /* master key version number */
+ p += krb_get_int(p, &clen, 2, little_endian);
++ if (reply->length - (p - reply->dat) < clen)
++ return INTK_PROT;
++
+ cip->length = clen;
+ memcpy(cip->dat, p, clen);
+ p += clen;
+Index: crypto/kerberosIV/lib/krb/extra.c
+===================================================================
+RCS file: /mnt/ncvs/src/crypto/kerberosIV/lib/krb/extra.c,v
+retrieving revision 1.1.1.2
+retrieving revision 1.1.1.2.2.1
+diff -u -u -r1.1.1.2 -r1.1.1.2.2.1
+--- crypto/kerberosIV/lib/krb/extra.c 2000/01/09 08:28:26 1.1.1.2
++++ crypto/kerberosIV/lib/krb/extra.c 2000/12/12 03:06:34 1.1.1.2.2.1
+@@ -70,30 +70,6 @@
+
+ #ifndef WIN32
+
+-struct obsolete {
+- const char *from;
+- const char *to;
+-} obsolete [] = {
+- { "KDC_TIMESYNC", "kdc_timesync" },
+- { "KRB_REVERSE_DIRECTION", "reverse_lsb_test"},
+- { "krb4_proxy", "krb4_proxy"},
+- { NULL, NULL }
+-};
+-
+-static void
+-check_obsolete(void)
+-{
+- struct obsolete *r;
+- for(r = obsolete; r->from; r++) {
+- if(getenv(r->from)) {
+- krb_warning("The environment variable `%s' is obsolete;\n"
+- "set `%s' in your `krb.extra' file instead\n",
+- r->from, r->to);
+- define_variable(r->to, getenv(r->from));
+- }
+- }
+-}
+-
+ static int
+ read_extra_file(void)
+ {
+@@ -103,7 +79,6 @@
+ if(_krb_extra_read)
+ return 0;
+ _krb_extra_read = 1;
+- check_obsolete();
+ while(krb_get_krbextra(i++, file, sizeof(file)) == 0) {
+ FILE *f = fopen(file, "r");
+ if(f == NULL)
+Index: libexec/telnetd/sys_term.c
+===================================================================
+RCS file: /mnt/ncvs/src/libexec/telnetd/sys_term.c,v
+retrieving revision 1.24.2.3
+retrieving revision 1.24.2.4
+diff -u -u -r1.24.2.3 -r1.24.2.4
+--- libexec/telnetd/sys_term.c 2000/12/11 01:03:23 1.24.2.3
++++ libexec/telnetd/sys_term.c 2000/12/12 03:10:49 1.24.2.4
+@@ -1780,34 +1780,48 @@
+ /*
+ * scrub_env()
+ *
+- * Remove a few things from the environment that
+- * don't need to be there.
++ * We only accept the environment variables listed below.
+ */
+ void
+ scrub_env()
+ {
+- register char **cpp, **cpp2;
++ static const char *reject[] = {
++ "TERMCAP=/",
++ NULL
++ };
+
+- for (cpp2 = cpp = environ; *cpp; cpp++) {
+-#ifdef __FreeBSD__
+- if (strncmp(*cpp, "LD_LIBRARY_PATH=", 16) &&
+- strncmp(*cpp, "LD_PRELOAD=", 11) &&
+-#else
+- if (strncmp(*cpp, "LD_", 3) &&
+- strncmp(*cpp, "_RLD_", 5) &&
+- strncmp(*cpp, "LIBPATH=", 8) &&
+-#endif
+- strncmp(*cpp, "LOCALDOMAIN=", 12) &&
+- strncmp(*cpp, "RES_OPTIONS=", 12) &&
+- strncmp(*cpp, "TERMINFO=", 9) &&
+- strncmp(*cpp, "TERMINFO_DIRS=", 14) &&
+- strncmp(*cpp, "TERMPATH=", 9) &&
+- strncmp(*cpp, "TERMCAP=/", 9) &&
+- strncmp(*cpp, "ENV=", 4) &&
+- strncmp(*cpp, "IFS=", 4))
+- *cpp2++ = *cpp;
+- }
+- *cpp2 = 0;
++ static const char *accept[] = {
++ "XAUTH=", "XAUTHORITY=", "DISPLAY=",
++ "TERM=",
++ "EDITOR=",
++ "PAGER=",
++ "LOGNAME=",
++ "POSIXLY_CORRECT=",
++ "PRINTER=",
++ NULL
++ };
++
++ char **cpp, **cpp2;
++ const char **p;
++
++ for (cpp2 = cpp = environ; *cpp; cpp++) {
++ int reject_it = 0;
++
++ for(p = reject; *p; p++)
++ if(strncmp(*cpp, *p, strlen(*p)) == 0) {
++ reject_it = 1;
++ break;
++ }
++ if (reject_it)
++ continue;
++
++ for(p = accept; *p; p++)
++ if(strncmp(*cpp, *p, strlen(*p)) == 0)
++ break;
++ if(*p != NULL)
++ *cpp2++ = *cpp;
++ }
++ *cpp2 = NULL;
+ }
+
+ /*
+Index: crypto/telnet/telnetd/sys_term.c
+===================================================================
+RCS file: /mnt/ncvs/src/crypto/telnet/telnetd/sys_term.c,v
+retrieving revision 1.7.2.2
+retrieving revision 1.7.2.3
+diff -u -u -r1.7.2.2 -r1.7.2.3
+--- crypto/telnet/telnetd/sys_term.c 2000/12/10 20:27:54 1.7.2.2
++++ crypto/telnet/telnetd/sys_term.c 2000/12/12 03:09:35 1.7.2.3
+@@ -1839,27 +1839,48 @@
+ /*
+ * scrub_env()
+ *
+- * Remove a few things from the environment that
+- * don't need to be there.
++ * We only accept the environment variables listed below.
+ */
+ void
+ scrub_env()
+ {
+- register char **cpp, **cpp2;
++ static const char *reject[] = {
++ "TERMCAP=/",
++ NULL
++ };
+
+- for (cpp2 = cpp = environ; *cpp; cpp++) {
+-#ifdef __FreeBSD__
+- if (strncmp(*cpp, "LD_LIBRARY_PATH=", 16) &&
+- strncmp(*cpp, "LD_PRELOAD=", 11) &&
+-#else
+- if (strncmp(*cpp, "LD_", 3) &&
+- strncmp(*cpp, "_RLD_", 5) &&
+- strncmp(*cpp, "LIBPATH=", 8) &&
+-#endif
+- strncmp(*cpp, "IFS=", 4))
+- *cpp2++ = *cpp;
+- }
+- *cpp2 = 0;
++ static const char *accept[] = {
++ "XAUTH=", "XAUTHORITY=", "DISPLAY=",
++ "TERM=",
++ "EDITOR=",
++ "PAGER=",
++ "LOGNAME=",
++ "POSIXLY_CORRECT=",
++ "PRINTER=",
++ NULL
++ };
++
++ char **cpp, **cpp2;
++ const char **p;
++
++ for (cpp2 = cpp = environ; *cpp; cpp++) {
++ int reject_it = 0;
++
++ for(p = reject; *p; p++)
++ if(strncmp(*cpp, *p, strlen(*p)) == 0) {
++ reject_it = 1;
++ break;
++ }
++ if (reject_it)
++ continue;
++
++ for(p = accept; *p; p++)
++ if(strncmp(*cpp, *p, strlen(*p)) == 0)
++ break;
++ if(*p != NULL)
++ *cpp2++ = *cpp;
++ }
++ *cpp2 = NULL;
+ }
+
+ /*
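Review bot: In both sys_term.c hunks the `reject` table in scrub_env() cannot change the result, because `TERMCAP=` has no entry in `accept` and any variable that matches no accept prefix is already dropped. If the table is kept as a guard for the day `TERMCAP=` joins the allow list, say so above it, for example `/* Dropped even if a matching prefix is later added to accept[]. */`. The header comment could also state that only names are filtered: as far as the hunk shows, the values of accepted variables (`TERM=`, `DISPLAY=`, `EDITOR=`, `PAGER=` and the rest) are copied through unchanged, so whatever consumes them still has to treat them as untrusted input. The same two hunks appear in telnetd-krb.3.5.1.patch.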
diff --git a/share/security/patches/SA-01:25/telnetd-krb.4.2.patch.asc b/share/security/patches/SA-01:25/telnetd-krb.4.2.patch.asc
new file mode 100644
index 0000000000..4bb0cf5875
--- /dev/null
+++ b/share/security/patches/SA-01:25/telnetd-krb.4.2.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOopcblUuHi5z0oilAQFpQwP9GXx6qYXEhCRXs3HDEpWRV0xJi+PfOgLK
+JqH4BrLCuuvd3JjGG/v2TgHg+0w00hua++jN0yzXiT4NLzwNDuqT0lPAN+pI+wDo
+PpsoTa5deVRIhWC5quJ0DNBanpv4R6H4orxbbpGmsAH0X0/JUk0crA+8FNtIRogT
+sSvdTszUUiU=
+=41HQ
+-----END PGP SIGNATURE-----