Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:16.0:FactoryCandidates
telnet
CVE-2022-39028.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2022-39028.patch of Package telnet
Description: Fix remote DoS vulnerability in inetutils-telnetd This is caused by a crash by a NULL pointer dereference when sending the byte sequences «0xff 0xf7» or «0xff 0xf8». Authors: Pierre Kim (original patch), Alexandre Torres (original patch), Erik Auerswald <auerswal@unix-ag.uni-kl.de> (adapted patch), Reviewed-by: Erik Auerswald <auerswal@unix-ag.uni-kl.de> Origin: upstream Ref: https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html Forwarded: https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html Last-Update: 2022-08-28 diff --git a/telnetd/state.c b/telnetd/state.c index ffc6cbaf..c2d760f8 100644 --- a/telnetd/state.c +++ b/telnetd/state.c @@ -185,16 +185,22 @@ telrcv (void) case EC: case EL: { - cc_t ch; + cc_t ch = (cc_t) (_POSIX_VDISABLE); DIAG(TD_OPTIONS, printoption("td: recv IAC", c)); ptyflush(); /* half-hearted */ init_termbuf(); if (c == EC) - ch = *slctab[SLC_EC].sptr; + { + if (slctab[SLC_EC].sptr) + ch = *slctab[SLC_EC].sptr; + } else - ch = *slctab[SLC_EL].sptr; + { + if (slctab[SLC_EL].sptr) + ch = *slctab[SLC_EL].sptr; + } if (ch != (cc_t)(_POSIX_VDISABLE)) *pfrontp++ = (unsigned char)ch; break;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor