meta-openembedded/meta-networking/recipes-netkit
Julius Hemanth Pitti 232b82afd4 netkit-telnetd: Fix buffer overflow in netoprintf
netoprintf() was not handling the case where
the return value of vsnprintf is greater than
"size" (2nd argument), resulting in a buffer overflow
while adjusting the "nfrontp" pointer to point
beyond the "netobuf" buffer.

Here is one such case where "nfrontp"
crossed the boundaries of "netobuf" and
was pointing to another global variable.

(gdb) p &netobuf[8255]
$5 = 0x55c93afe8b1f <netobuf+8255> ""
(gdb) p nfrontp
$6 = 0x55c93afe8c20 <terminaltype> "\377"
(gdb) p &terminaltype
$7 = (char **) 0x55c93afe8c20 <terminaltype>
(gdb)

This resulted in a crash of the telnetd service
with a segmentation fault.

Signed-off-by: Julius Hemanth Pitti <jpitti@cisco.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-07-21 16:46:36 -07:00
netkit-ftp netkit-ftp: clean in configure step broken 2020-02-27 17:24:19 -08:00
netkit-rpc recipes: Link with libtirpc 2018-05-17 08:32:26 -07:00
netkit-rsh netkit-rsh: properly append PACKAGECONFIG 2020-06-03 15:15:43 -07:00
netkit-rusers use weak assignments for PNBLACKLIST in recipe files 2020-05-26 10:28:39 -07:00
netkit-rwho netkit-rwho: Add logic to apply patches from tarball 2020-03-29 17:32:21 -07:00
netkit-telnet netkit-telnetd: Fix buffer overflow in netoprintf 2020-07-21 16:46:36 -07:00
netkit-tftp netkit-tftp: Fix build with musl 2017-09-12 10:55:07 -04:00