At the end of January 2022, my colleague Jörg Mayer reported a problem with the telnet client from GNU Inetutils. He examined the issue and sent a report with patch to the bug-inetutils@gnu.org mailing list. This sparked my curiosity and I looked at the code and the bug-inetutils@gnu.org mailing list archive. There are quite a few open bug reports concerning crashes in various GNU Inetutils programs. Since I am mostly interested in the Telnet client, I started developing fixes for bugs in telnet.
After sending several little patches, at the end of February 2022 I sent four emails to the bug-inetutils@gnu.org mailing list with a cover letter describing the patch series followed by three patches created with git format-patch that can be applied to a git repository using git am. Those fix all reported crashes as well as the problem reported by Jörg and an off-by-one mistake in the fix for CVE-2019-0053.
Sadly, those patches did not receive any reply and they were not applied to the GNU Inetutils development git repository as of 2022-05-15. Thus I make the patches available here.
Update 2022-07-07: Simon Josefsson applied many of my patches to the GNU Networking Utilities development git repository. I have not yet verified the resulting code, but my patches against git should now be obsolete.
Update 2022-07-08: GNU Inetutils 2.3 has been released. Thus my patch against GNU Inetutils 2.2 can be seen as historic.
Update 2022-07-12: I have checked the current code in the GNU Inetutils git repository. All actual fixes from my patches have been included. Two changes to the genget() function in the libtelnet/genget.c file have not been applied. One of those changes is not as good as I initially thought and should not be applied. The other change is not important (and a bit dubious, too).
Update 2022-07-15: I now think the genget() patch to return a not found result when given a single SPACE as key should be disregarded, too. Thus all relevant patches have been applied upstream.
git format-patch for use with git am for convenience (patch works as well):
Obsolete consolidated unified (diff -Naur) patch against GNU Inetutils version 2.2: gnu-inetutils-2.2-telnet-fixes.patch
I have assigned the copyright for all my changes to GNU Inetutils to the Free Software Foundation.