Update telnetd vulnerability fixes from FreeBSD.

Submitted by:	Cy Schubert <Cy.Schubert@uumail.gov.bc.ca>

4 files changed, 102 insertions, 28 deletions

diff --git a/security/krb5/files/patch-appl::telnet::telnetd::ext.h b/security/krb5/files/patch-appl::telnet::telnetd::ext.h
index 95e52f5c66b7..38fd6ac1fd53 100644
--- a/security/krb5/files/patch-appl::telnet::telnetd::ext.h
+++ b/security/krb5/files/patch-appl::telnet::telnetd::ext.h
@@ -1,13 +1,24 @@
 --- appl/telnet/telnetd/ext.h.orig	Wed Feb 28 14:06:51 2001
-+++ appl/telnet/telnetd/ext.h	Thu Jul 19 19:14:29 2001
-@@ -190,6 +190,10 @@
- 	wontoption P((int)),
- 	writenet P((unsigned char *, int));
++++ appl/telnet/telnetd/ext.h	Mon Jul 23 16:44:35 2001
+@@ -75,7 +75,7 @@
  
-+extern int output_data __P((const char *, ...))
-+        __printflike(1, 2);
-+extern int output_datalen __P((const char *, size_t));
+ extern char	netibuf[BUFSIZ], *netip;
+ 
+-extern char	netobuf[BUFSIZ+NETSLOP], *nfrontp, *nbackp;
++extern char	netobuf[BUFSIZ], *nfrontp, *nbackp;
+ extern char	*neturg;		/* one past last bye of urgent data */
+ 
+ extern int	pcc, ncc;
+@@ -187,8 +187,10 @@
+ 	tty_setsofttab P((int)),
+ 	tty_tspeed P((int)),
+ 	willoption P((int)),
+-	wontoption P((int)),
+-	writenet P((unsigned char *, int));
++	wontoption P((int));
 +
++extern int output_data __P((const char *, ...)) __printflike(1, 2);
++extern int output_datalen __P((const char *, size_t));
+ 
  #ifdef	ENCRYPTION
  extern char	*nclearto;
- #endif	/* ENCRYPTION */
diff --git a/security/krb5/files/patch-appl::telnet::telnetd::state.c b/security/krb5/files/patch-appl::telnet::telnetd::state.c
index e9d2069eef6f..baf207333a1d 100644
--- a/security/krb5/files/patch-appl::telnet::telnetd::state.c
+++ b/security/krb5/files/patch-appl::telnet::telnetd::state.c
@@ -1,5 +1,5 @@
---- appl/telnet/telnetd/state.c.ORIG	Wed Feb 28 16:06:51 2001
-+++ appl/telnet/telnetd/state.c	Fri Jul 20 08:41:10 2001
+--- appl/telnet/telnetd/state.c.orig	Wed Feb 28 14:06:51 2001
++++ appl/telnet/telnetd/state.c	Mon Jul 23 17:48:48 2001
 @@ -33,6 +33,7 @@
  
  /* based on @(#)state.c	8.1 (Berkeley) 6/4/93 */
@@ -8,6 +8,15 @@
  #include "telnetd.h"
  #if	defined(AUTHENTICATION)
  #include <libtelnet/auth.h>
+@@ -86,7 +87,7 @@
+   if (!auth_negotiated) {
+     static char *error =
+       "An environment option was sent before authentication negotiation completed.\r\nThis may create a security hazard. Connection dropped.\r\n";
+-    writenet(error, strlen(error));
++    output_datalen(error, strlen(error));
+     netflush();
+     exit(1);
+   }
 @@ -209,8 +210,7 @@
  				}
  
@@ -70,7 +79,13 @@
  
  		}
  	    }
-@@ -1638,6 +1633,46 @@
+@@ -1633,11 +1628,51 @@
+ 	ADD(IAC);
+ 	ADD(SE);
+ 
+-	writenet(statusbuf, ncp - statusbuf);
++	output_datalen(statusbuf, ncp - statusbuf);
+ 	netflush();	/* Send it on its way */
  
  	DIAG(TD_OPTIONS,
  		{printsub('>', statusbuf, ncp - statusbuf); netflush();});
diff --git a/security/krb5/files/patch-appl::telnet::telnetd::telnetd.c b/security/krb5/files/patch-appl::telnet::telnetd::telnetd.c
index 0f1a14886101..9eef1709beeb 100644
--- a/security/krb5/files/patch-appl::telnet::telnetd::telnetd.c
+++ b/security/krb5/files/patch-appl::telnet::telnetd::telnetd.c
@@ -1,5 +1,14 @@
 --- appl/telnet/telnetd/telnetd.c.orig	Wed Feb 28 14:06:51 2001
-+++ appl/telnet/telnetd/telnetd.c	Thu Jul 19 19:20:46 2001
++++ appl/telnet/telnetd/telnetd.c	Mon Jul 23 17:27:05 2001
+@@ -693,7 +693,7 @@
+     char *error_message =
+ 	"Encryption was not successfully negotiated.  Goodbye.\r\n\r\n";
+ 
+-    writenet(error_message, strlen(error_message));
++    output_datalen(error_message, strlen(error_message));
+     netflush();
+     exit(1);
+ }
 @@ -782,9 +782,7 @@
  			{ IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE };
  
@@ -106,7 +115,7 @@
  					neturg = nfrontp-1; /* off by one XXX */
  #endif
  				}
-@@ -1495,8 +1477,7 @@
+@@ -1495,13 +1477,11 @@
  					    ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0;
  					if (newflow != flowmode) {
  						flowmode = newflow;
@@ -116,7 +125,12 @@
  							IAC, SB, TELOPT_LFLOW,
  							flowmode ? LFLOW_ON
  								 : LFLOW_OFF,
-@@ -1524,19 +1505,19 @@
+ 							IAC, SE);
+-						nfrontp += 6;
+ 					}
+ 				}
+ 				pcc--;
+@@ -1524,19 +1504,19 @@
  				break;
  			c = *ptyip++ & 0377, pcc--;
  			if (c == IAC)
@@ -141,7 +155,7 @@
  			}
  		}
  #if	defined(CRAY2) && defined(UNICOS5)
-@@ -1707,10 +1688,7 @@
+@@ -1707,10 +1687,7 @@
  		return;
  	}
  #endif
diff --git a/security/krb5/files/patch-appl::telnet::telnetd::utility.c b/security/krb5/files/patch-appl::telnet::telnetd::utility.c
index 43c12b855e52..d49598c27487 100644
--- a/security/krb5/files/patch-appl::telnet::telnetd::utility.c
+++ b/security/krb5/files/patch-appl::telnet::telnetd::utility.c
@@ -1,5 +1,5 @@
 --- appl/telnet/telnetd/utility.c.orig	Wed Feb 28 14:06:52 2001
-+++ appl/telnet/telnetd/utility.c	Thu Jul 19 19:58:05 2001
++++ appl/telnet/telnetd/utility.c	Mon Jul 23 17:16:27 2001
 @@ -58,8 +58,7 @@
  {
      void netflush();
@@ -47,7 +47,41 @@
  #ifdef	ENCRYPTION
  	if (encrypt_output) {
  		char *s = nclearto ? nclearto : nbackp;
-@@ -528,12 +523,11 @@
+@@ -314,33 +309,6 @@
+ 
+ 
+ /*
+- * writenet
+- *
+- * Just a handy little function to write a bit of raw data to the net.
+- * It will force a transmit of the buffer if necessary
+- *
+- * arguments
+- *    ptr - A pointer to a character string to write
+- *    len - How many bytes to write
+- */
+-	void
+-writenet(ptr, len)
+-	register unsigned char *ptr;
+-	register int len;
+-{
+-	/* flush buffer if no room for new data) */
+-	if ((&netobuf[BUFSIZ] - nfrontp) < len) {
+-		/* if this fails, don't worry, buffer is a little big */
+-		netflush();
+-	}
+-
+-	memcpy(nfrontp, ptr, len);
+-	nfrontp += len;
+-
+-}  /* end of writenet */
+-
+-
+-/*
+  * miscellaneous functions doing a variety of little jobs follow ...
+  */
+ 
+@@ -528,12 +496,11 @@
  	register int option;
  {
  	if (TELOPT_OK(option))
@@ -63,7 +97,7 @@
  	return;
  }
  
-@@ -550,9 +544,8 @@
+@@ -550,9 +517,8 @@
  		return;
  
  	if (direction) {
@@ -74,7 +108,7 @@
  	    if (length >= 3) {
  		register int j;
  
-@@ -560,232 +553,192 @@
+@@ -560,232 +526,192 @@
  		j = pointer[length-1];
  
  		if (i != IAC || j != SE) {
@@ -365,7 +399,7 @@
  		    break;
  		}
  		{
-@@ -796,24 +749,19 @@
+@@ -796,24 +722,19 @@
  			pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",
  			pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "",
  			pointer[2]&MODE_ACK ? "|ACK" : "");
@@ -395,7 +429,7 @@
  		}
  	    }
  	    break;
-@@ -822,24 +770,20 @@
+@@ -822,24 +743,20 @@
  	    register char *cp;
  	    register int j, k;
  
@@ -425,7 +459,7 @@
  
  		for (i = 2; i < length; i++) {
  		    switch(pointer[i]) {
-@@ -850,18 +794,15 @@
+@@ -850,18 +767,15 @@
  		    common2:
  			i++;
  			if (TELOPT_OK(pointer[i]))
@@ -448,7 +482,7 @@
  			i++;
  			j = k = i;
  			while (j < length) {
-@@ -877,20 +818,17 @@
+@@ -877,20 +791,17 @@
  			}
  			printsub(0, &pointer[i], k - i);
  			if (i < length) {
@@ -472,7 +506,7 @@
  			break;
  		    }
  		}
-@@ -900,86 +838,77 @@
+@@ -900,86 +811,77 @@
  	  }
  
  	case TELOPT_XDISPLOC:
@@ -576,7 +610,7 @@
  		    break;
  		}
  	    }
-@@ -987,90 +916,69 @@
+@@ -987,90 +889,69 @@
  
  #if	defined(AUTHENTICATION)
  	case TELOPT_AUTHENTICATION:
@@ -684,7 +718,7 @@
  		    }
  		    break;
  	    }
-@@ -1079,86 +987,70 @@
+@@ -1079,86 +960,70 @@
  
  #ifdef	ENCRYPTION
  	case TELOPT_ENCRYPT:
@@ -789,7 +823,7 @@
  		}
  		break;
  	    }
-@@ -1167,18 +1059,15 @@
+@@ -1167,18 +1032,15 @@
  
  	default:
  	    if (TELOPT_OK(pointer[0]))
@@ -812,7 +846,7 @@
  }
  
  /*
-@@ -1200,26 +1089,22 @@
+@@ -1200,26 +1062,22 @@
  		}
  
  		/* add a line of output */