path: root/contrib/telnet/libtelnet
Commit message | Author | Age | Files | Lines
* telnet: Prevent buffer overflow in the user prompt for SRA | John Baldwin | 2025-04-16 | 1 | -4/+12
  The Secure RPC authenticator for telnet prompts the local user for the username to use for authentication. Previously it was using sprintf() into a buffer of 256 bytes, but the username received over the wire can be up to 255 bytes long which would overflow the prompt buffer.
  Fix this in two ways:
  First, use snprintf() and check for overflow. If the prompt buffer overflows, fail authentication without prompting the user.
  Second, add 10 bytes to the buffer size to account for the overhead of the prompt so that a maximally sized username fits.
  While here, replace a bare 255 in the subsequent telnet_gets call with an expression using sizeof() the relevant buffer.
  PR: 270263
  Reported by: Robert Morris <rtm@lcs.mit.edu>
  Tested on: CHERI
  Reviewed by: emaste
  Differential Revision: https://reviews.freebsd.org/D49832
* telnet: remove locally added __FBSDID | Brooks Davis | 2023-11-27 | 13 | -49/+0
  This partially reverts 77b7cdf1999ee965ad494fddd184b18f532ac91a.
  Reviewed by: imp
  Differential Revision: https://reviews.freebsd.org/D42704
* Revert 359399: telnet -fno-common bits | Kyle Evans | 2020-03-28 | 1 | -0/+7
  There was a large misfire from my local diff that I need to investigate, and this version committed did not build.
  Notes: svn path=/head/; revision=359403
* telnet: remove some duplicate definitions, mark terminaltype extern | Kyle Evans | 2020-03-28 | 1 | -7/+0
  Most of these were already properly declared and defined elsewhere, this is effectively just a minor cleanup that fixes the -fno-common build.
  -fno-common will become the default in GCC10/LLVM11.
  MFC after: 3 days
  Notes: svn path=/head/; revision=359399
* libtelnet: Replace bogus use of srandomdev + random to generate "public key pair" | Conrad Meyer | 2019-12-13 | 1 | -6/+1
  I'm pretty skeptical that any crypto in telnet is worth using, but if we're ostensibly generating keys, arc4random is strictly better than the previous construct.
  Notes: svn path=/head/; revision=355699
* telnet: remove 3rd clause from Berkeley copyrights | Ed Maste | 2019-08-15 | 18 | -90/+18
  Per the July 22, 1999 letter (in /COPYRIGHT) from William Hoskins, Director, Office of Technology Licensing, University of California, Berkeley
  MFC after: 1 week
  Notes: svn path=/head/; revision=351070
* Make telnet(1) buildable. | Jung-uk Kim | 2018-09-19 | 5 | -30/+30
  Notes: svn path=/projects/openssl111/; revision=338777
* Revert r338774. Unrelated changes were committed with Apache Serf. | Jung-uk Kim | 2018-09-19 | 5 | -30/+30
  Notes: svn path=/projects/openssl111/; revision=338775
* Update Apache Serf to 1.3.9 to make it buildable with OpenSSL 1.1.1. | Jung-uk Kim | 2018-09-19 | 5 | -30/+30
  Notes: svn path=/projects/openssl111/; revision=338774
* Squelch clang 3.9.0 warnings about BASE (which is 32768) being converted | Dimitry Andric | 2016-08-30 | 1 | -1/+1
  to -32768 when it is used as an argument to mp_itom(), in both libtelnet and newkey.
  This code has been wrong since r26238 (!), so after almost 20 years it is rather useless to try to correct it.
  MFC after: 1 week
  Notes: svn path=/head/; revision=305077
* - Do not use deprecated krb5 error message reporting functions in libtelnet. | Stanislav Sedov | 2012-04-06 | 1 | -53/+55
  Notes: svn path=/head/; revision=233932
* Fix a problem whereby a corrupt DNS record can cause named to crash. [11:06] | Colin Percival | 2011-12-23 | 1 | -0/+3
  Add an API for alerting internal libc routines to the presence of "unsafe" paths post-chroot, and use it in ftpd. [11:07]
  Fix a buffer overflow in telnetd. [11:08]
  Make pam_ssh ignore unpassphrased keys unless the "nullok" option is specified. [11:09]
  Add sanity checking of service names in pam_start. [11:10]
  Approved by: so (cperciva)
  Approved by: re (bz)
  Security: FreeBSD-SA-11:06.bind
  Security: FreeBSD-SA-11:07.chroot
  Security: FreeBSD-SA-11:08.telnetd
  Security: FreeBSD-SA-11:09.pam_ssh
  Security: FreeBSD-SA-11:10.pam
  Notes: svn path=/head/; revision=228843
* In contrib/telnet/libtelnet/sra.c, use the correct number of bytes to | Dimitry Andric | 2011-12-16 | 1 | -1/+1
  zero the password buffer.
  MFC after: 1 week
  Notes: svn path=/head/; revision=228559
* Rename all symbols in libmp(3) to mp_*, just like Solaris. | Ed Schouten | 2009-02-26 | 1 | -43/+43
  The function pow() in libmp(3) clashes with pow(3) in libm. We could rename this single function, but we can just take the same approach as the Solaris folks did, which is to prefix all function names with mp_.
  libmp(3) isn't really popular nowadays. I suspect not a single application in ports depends on it. There's still a chance, so I've increased the SHLIB_MAJOR and __FreeBSD_version.
  Reviewed by: deischen, rdivacky
  Notes: svn path=/head/; revision=189092
* Use __FBSDID vs. rcsid[]. Also protect sccs[] and copyright[] from GCC 3.3. | David E. O'Brien | 2003-05-04 | 2 | -11/+9
  Notes: svn path=/head/; revision=114630
* Unbreak Kerberos 5 authentication in telnet. | Jacques Vidrine | 2003-03-06 | 1 | -0/+24
  (Credential forwarding is still broken.)
  PR: bin/45397
  Notes: svn path=/head/; revision=111946
* Background: | Jacques Vidrine | 2003-01-29 | 2 | -14/+2
  When libdes was replaced with OpenSSL's libcrypto, there were a few interfaces that the former implemented but the latter did not. Because some software in the base system still depended upon these interfaces, we simply included them in our libcrypto (rnd_keys.c).
  Now, finally get around to removing the dependencies on these interfaces. There were basically two cases:
  des_new_random_key -- This is just a wrapper for des_random_key, and these calls were replaced.
  des_init_random_number_generator et al. -- A few functions were used by the application to seed libdes's PRNG. These are not necessary when using libcrypto, as OpenSSL internally seeds the PRNG from /dev/random. These calls were simply removed.
  Again, some of the Kerberos 4 files have been taken off the vendor branch. I do not expect there to be future imports of KTH Kerberos 4.
  Notes: svn path=/head/; revision=110049
* Encrypted strings (after hex decoding) aren't null terminated, because | Nick Sayer | 2002-08-22 | 1 | -4/+0
  0 might simply be part of the ciphertext.
  PR: bin/40266
  Submitted by: andr@dgap.mipt.ru
  MFC after: 3 days
  Notes: svn path=/head/; revision=102250
* Warnings fixes. Sort out some variable types. | Mark Murray | 2002-06-26 | 1 | -6/+7
  Notes: svn path=/head/; revision=98884
* Help fix warnings by marking an argument as unused. | Mark Murray | 2002-06-26 | 1 | -0/+1
  Notes: svn path=/head/; revision=98882
* Fix an external declaration that was causing telnetd to core dump. | Mark Murray | 2002-05-06 | 1 | -1/+1
  MFC after: 1 week
  PR: 37766
  Notes: svn path=/head/; revision=96108
* Update build after import of Heimdal Kerberos 2002/02/17. | Jacques Vidrine | 2002-02-19 | 1 | -1/+1
  Notes: svn path=/head/; revision=90931
* help the alphas out with the WARNS=2 stuff. | Mark Murray | 2001-12-03 | 1 | -1/+1
  Notes: svn path=/head/; revision=87266
* Damn. The previous mega-commit was incomplete WRT ANSIfication. This | Mark Murray | 2001-11-30 | 7 | -37/+14
  fixes that.
  Notes: svn path=/head/; revision=87155
* Very large style makeover. | Mark Murray | 2001-11-30 | 21 | -2084/+1175
  1) ANSIfy.
  2) Clean up ifdefs so that
     a) ones that never/always apply are appropriately either fully removed, or just the #if junk is removed.
     b) change #if defined(FOO) for appropriate values of FOO. (currently AUTHENTICATION and ENCRYPTION)
  3) WARNS=2 fixing
  4) GC other unused stuff
  This code can now be unifdef(1)ed to make non-crypto telnet.
  Notes: svn path=/head/; revision=87139
* Fix world by trimming an extra comment terminator. | John Baldwin | 2001-10-29 | 1 | -1/+1
  Notes: svn path=/head/; revision=85703
* Add Berkeley copyright to SRA. | Nick Sayer | 2001-10-29 | 3 | -1/+91
  This is by the kind permission of Dave Safford, formerly of TAMU who wrote the original code. Here is an excerpt of the e-mail exchange concerning this issue:
  Dave Safford wrote:
  >Nick Sayer wrote:
  >> Some time ago we spoke about SRA and importing it into FreeBSD. I forgot to
  >> ask if you had a preferred license boilerplate for the top of the files. It
  >> has come up recently, and the SRA code in FreeBSD doesn't have one.
  >I really have no preference - use whatever is most convenient in the
  >FreeBSD environment.
  >dave safford
  This is the standard BSD license with clause 3 removed and clause 4 suitably renumbered.
  MFC after: 1 day
  Notes: svn path=/head/; revision=85690
* Add __FBSDID() to diff-reduce with "base" telnet. | Mark Murray | 2001-10-01 | 14 | -28/+40
  Notes: svn path=/head/; revision=84305
* Code merge and diff reduce with "base" telnet. This is the "later" | Mark Murray | 2001-08-20 | 9 | -139/+90
  telnet, so it was treated as the reference code, except where later commits were made to "base" telnet.
  Notes: svn path=/head/; revision=81965
* Make the PAM user-override actually override the correct thing. | Nick Sayer | 2001-05-17 | 1 | -3/+3
  Notes: svn path=/head/; revision=76751
* Fix the latest telnet breakage. Obviously this was never compiled. | Peter Wemm | 2001-05-17 | 1 | -4/+4
  Notes: svn path=/head/; revision=76711
* Make sure the protocol actively rejects bad data rather than | Nick Sayer | 2001-05-16 | 1 | -8/+8
  (potentially) not responding to an invalid SRA 'auth is' message.
  Notes: svn path=/head/; revision=76696
* srandomdev() affords us the opportunity to radically improve, and at the | Nick Sayer | 2001-05-16 | 1 | -0/+7
  same time simplify, the random number selection code.
  Notes: svn path=/head/; revision=76691
* Catch any attempted buffer overflows. The magic numbers in this code | Nick Sayer | 2001-05-16 | 1 | -2/+6
  (512) are a little distressing, but the method really needs to be extended to allow server-supplied DH parameters anyway.
  Submitted by: kris
  Notes: svn path=/head/; revision=76690
* Catch malloc return failures. This should help avoid dereferencing NULL on | Nick Sayer | 2001-05-16 | 1 | -0/+8
  low-memory situations.
  Submitted by: kris
  Notes: svn path=/head/; revision=76689
* If the uid of the attempted authentication is 0 and if the pty is | Nick Sayer | 2001-05-15 | 1 | -1/+34
  insecure, do not succeed. Copied from login.c. This functionality really should be a PAM module.
  Notes: svn path=/head/; revision=76610
* Pointy hat fix -- reapply the SRA PAM patch. To -current this time. | Nick Sayer | 2001-05-07 | 1 | -0/+133
  Notes: svn path=/head/; revision=76339
* Fix core noted in -stable with 'auth disable SRA'. | Nick Sayer | 2001-03-18 | 1 | -2/+2
  I just mistakenly committed this to RELENG_4. I have contacted Jordan to see about how to fix this. Pass the pointy hat.
  Notes: svn path=/head/; revision=74411
* Add missing $FreeBSD$ to files that are NOT still on vendor a branch. | Peter Wemm | 2000-07-16 | 9 | -0/+30
  Notes: svn path=/head/; revision=63248
* Fix 'telnet -X sra' coredump | Nick Sayer | 2000-07-11 | 1 | -1/+3
  PR# 19835
  Notes: svn path=/head/; revision=62958
* Don't call printf with no format string. | Kris Kennaway | 2000-07-10 | 1 | -1/+5
  Notes: svn path=/head/; revision=62868
* Get crypto from libcrypto, not libdes. | Mark Murray | 2000-02-24 | 5 | -5/+13
  Notes: svn path=/head/; revision=57442
* According to Mark Murray, Makefiles do not belong here. I guess we're | Nick Sayer | 1999-08-16 | 1 | -19/+0
  going to have to figure something else out.
  Notes: svn path=/head/; revision=49901
* Add SRA authentication to src/crypto/telnet. | Nick Sayer | 1999-08-16 | 9 | -4/+840
  SRA does a Diffie-Hellman exchange and then DES-encrypts the authentication data. If the authentication is successful, it also sets up a session key for DES encryption.
  SRA was originally developed at Texas A&M University.
  This code is probably export restricted (despite the fact that I originally found it at a University in Germany).
  SRA is not perfect. It is vulnerable to monkey-in-the-middle attacks and does not use tremendously large DH constants (and thus an individual exchange probably could be factored in a few days on modern CPU horsepower). It does not, however, require any changes in user or administrative behavior and foils session hijacking and sniffing.
  The goal of this commit is that telnet and telnetd end up in the DES distribution and that therefore an encrypted session telnet becomes standard issue for FreeBSD.
  Notes: svn path=/head/; revision=49887
* Old stuff laying around: Don't use getstr which can conflict with some | Peter Wemm | 1998-12-16 | 1 | -1/+1
  curses/termcap/terminfo implementations and causes recursion.
  Notes: svn path=/head/; revision=41858
* Bring the FreeBSD changes to the virgin sources. | Mark Murray | 1997-09-07 | 11 | -76/+87
  Notes: svn path=/head/; revision=29181
* Initial import of BSD telnet. This will be used to build the kerberised | Mark Murray | 1997-09-04 | 19 | -0/+6265
  telnet, and after userland diffs have been merged in, will be used to build the non-kerberised sources as well. (See unifdef(1) for details)
  Notes: svn path=/vendor-crypto/telnet/dist/; revision=29088