GNU Inetutils Patches

Patches for GNU Inetutils

At the end of January 2022, my colleague Jörg Mayer reported a problem with the telnet client from GNU Inetutils. He examined the issue and sent a report with patch to the bug-inetutils@gnu.org mailing list. This sparked my curiosity and I looked at the code and the bug-inetutils@gnu.org mailing list archive.

Assorted Telnet Client Fixes

There are quite a few open bug reports concerning crashes in various GNU Inetutils programs. Since I am mostly interested in the Telnet client, I started developing fixes for bugs in telnet. After sending several little patches, at the end of February 2022 I sent four emails to the bug-inetutils@gnu.org mailing list with a cover letter describing the patch series followed by three patches created with git format-patch that can be applied to a git repository using git am. Those fix all reported crashes as well as the problem reported by Jörg and an off-by-one mistake in the fix for CVE-2019-0053.

Sadly, those patches did not receive any reply and they were not applied to the GNU Inetutils development git repository as of 2022-05-15. Thus I make the patches available here.

Update 2022-07-07: Simon Josefsson applied many of my patches to the GNU Networking Utilities development git repository. I have not yet verified the resulting code, but my patches against git should now be obsolete.

Update 2022-07-08: GNU Inetutils 2.3 has been released. Thus my patch against GNU Inetutils 2.2 can be seen as historic.

Update 2022-07-12: I have checked the current code in the GNU Inetutils git repository. All actual fixes from my patches have been included. Two changes to the genget() function in the libtelnet/genget.c file have not been applied. One of those changes is not as good as I initially thought and should not be applied. The other change is not important (and a bit dubious, too).

Update 2022-07-15: I now think the genget() patch to return a not found result when given a single SPACE as key should be disregarded, too. Thus all relevant patches have been applied upstream.

Obsolete patches against upstream git created using

git
    format-patch

for use with git am for convenience (patch works as well):

Obsolete consolidated unified (diff -Naur) patch against GNU Inetutils version 2.2: gnu-inetutils-2.2-telnet-fixes.patch

I have assigned the copyright for all my changes to GNU Inetutils to the Free Software Foundation.

back to my homepage.