From 8ab8ce5e6e451b9c4eba9acb32123bfb1c412a7f Mon Sep 17 00:00:00 2001 From: Jacques Vidrine Date: Tue, 24 Jul 2001 15:28:25 +0000 Subject: Update telnetd vulnerability fixes from FreeBSD. Submitted by: Cy Schubert --- .../files/patch-appl::telnet::telnetd::state.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) (limited to 'security/krb5-appl/files/patch-appl::telnet::telnetd::state.c') diff --git a/security/krb5-appl/files/patch-appl::telnet::telnetd::state.c b/security/krb5-appl/files/patch-appl::telnet::telnetd::state.c index e9d2069eef6f..baf207333a1d 100644 --- a/security/krb5-appl/files/patch-appl::telnet::telnetd::state.c +++ b/security/krb5-appl/files/patch-appl::telnet::telnetd::state.c @@ -1,5 +1,5 @@ ---- appl/telnet/telnetd/state.c.ORIG Wed Feb 28 16:06:51 2001 -+++ appl/telnet/telnetd/state.c Fri Jul 20 08:41:10 2001 +--- appl/telnet/telnetd/state.c.orig Wed Feb 28 14:06:51 2001 ++++ appl/telnet/telnetd/state.c Mon Jul 23 17:48:48 2001 @@ -33,6 +33,7 @@ /* based on @(#)state.c 8.1 (Berkeley) 6/4/93 */ @@ -8,6 +8,15 @@ #include "telnetd.h" #if defined(AUTHENTICATION) #include +@@ -86,7 +87,7 @@ + if (!auth_negotiated) { + static char *error = + "An environment option was sent before authentication negotiation completed.\r\nThis may create a security hazard. Connection dropped.\r\n"; +- writenet(error, strlen(error)); ++ output_datalen(error, strlen(error)); + netflush(); + exit(1); + } @@ -209,8 +210,7 @@ } @@ -70,7 +79,13 @@ } } -@@ -1638,6 +1633,46 @@ +@@ -1633,11 +1628,51 @@ + ADD(IAC); + ADD(SE); + +- writenet(statusbuf, ncp - statusbuf); ++ output_datalen(statusbuf, ncp - statusbuf); + netflush(); /* Send it on its way */ DIAG(TD_OPTIONS, {printsub('>', statusbuf, ncp - statusbuf); netflush();}); -- cgit v1.2.3