doc/share/security/patches/SA-01:25/telnetd-krb.3.5.1.patch
Bjoern A. Zeeb 3571e53040 Import FreeBSD Security Advisories and Errata Notices, as well as their
patches for easier mirroring, to eliminate a special copy, to make
www.freebsd.org/security a full copy of security.freebsd.org and
eventually be the same.

For now files are just sitting there.   The symlinks are missing.

Discussed on:	www (repository location)
Discussed with:	simon (so)
2012-08-15 06:19:40 +00:00


Index: crypto/kerberosIV/lib/krb/kdc_reply.c
===================================================================
RCS file: /mnt/ncvs/src/crypto/kerberosIV/lib/krb/kdc_reply.c,v
retrieving revision 1.1.1.1.4.1
retrieving revision 1.1.1.1.4.2
diff -u -u -r1.1.1.1.4.1 -r1.1.1.1.4.2
--- crypto/kerberosIV/lib/krb/kdc_reply.c 2000/07/04 15:04:26 1.1.1.1.4.1
+++ crypto/kerberosIV/lib/krb/kdc_reply.c 2000/12/15 03:02:19 1.1.1.1.4.2
@@ -121,6 +121,9 @@
p += krb_get_int(p, &exp_date, 4, little_endian);
p++; /* master key version number */
p += krb_get_int(p, &clen, 2, little_endian);
+ if (reply->length - (p - reply->dat) < clen)
+ return INTK_PROT;
+
cip->length = clen;
memcpy(cip->dat, p, clen);
p += clen;
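Review bot: The added test bounds `clen` against the bytes left in `reply`, but nothing in this hunk bounds it against the destination, so `memcpy(cip->dat, p, clen)` still copies a packet-supplied length into `cip->dat`. If `cip` has the same fixed-size buffer type as `reply` the bound may hold implicitly, but the declarations are outside the hunk; an explicit `if (clen > sizeof(cip->dat)) return INTK_PROT;` (assuming `dat` is an array member) would not depend on how `reply` was filled. The subtraction also assumes `p` has not already moved past `reply->dat + reply->length` during the preceding `krb_get_int` reads. If that arithmetic is unsigned, a truncated reply would wrap to a large value and pass the test, so checking that the fixed-length header fits before parsing it is worth adding. The function starts and ends outside the hunk.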
Index: crypto/kerberosIV/lib/krb/tf_util.c
===================================================================
RCS file: /mnt/ncvs/src/crypto/kerberosIV/lib/krb/tf_util.c,v
retrieving revision 1.1.1.1.4.1
retrieving revision 1.1.1.1.4.2
diff -u -u -r1.1.1.1.4.1 -r1.1.1.1.4.2
--- crypto/kerberosIV/lib/krb/tf_util.c 2000/07/04 15:04:27 1.1.1.1.4.1
+++ crypto/kerberosIV/lib/krb/tf_util.c 2000/12/15 03:01:31 1.1.1.1.4.2
@@ -249,20 +249,6 @@
int
tf_create(char *tf_name)
{
- struct stat statbuf;
- char garbage[BUFSIZ];
-
- fd = open(tf_name, O_RDWR | O_BINARY, 0);
- if (fd >= 0) {
- if (fstat (fd, &statbuf) == 0) {
- int i;
-
- for (i = 0; i < statbuf.st_size; i += sizeof(garbage))
- write (fd, garbage, sizeof(garbage));
- }
- close (fd);
- }
-
if (unlink (tf_name) && errno != ENOENT)
return TKT_FIL_ACC;
Index: crypto/kerberosIV/lib/krb/extra.c
===================================================================
RCS file: /mnt/ncvs/src/crypto/kerberosIV/lib/krb/extra.c,v
retrieving revision 1.1.1.2.4.1
retrieving revision 1.1.1.2.4.2
diff -u -u -r1.1.1.2.4.1 -r1.1.1.2.4.2
--- crypto/kerberosIV/lib/krb/extra.c 2000/07/04 15:04:25 1.1.1.2.4.1
+++ crypto/kerberosIV/lib/krb/extra.c 2000/12/15 03:01:04 1.1.1.2.4.2
@@ -70,30 +70,6 @@
#ifndef WIN32
-struct obsolete {
- const char *from;
- const char *to;
-} obsolete [] = {
- { "KDC_TIMESYNC", "kdc_timesync" },
- { "KRB_REVERSE_DIRECTION", "reverse_lsb_test"},
- { "krb4_proxy", "krb4_proxy"},
- { NULL, NULL }
-};
-
-static void
-check_obsolete(void)
-{
- struct obsolete *r;
- for(r = obsolete; r->from; r++) {
- if(getenv(r->from)) {
- krb_warning("The environment variable `%s' is obsolete;\n"
- "set `%s' in your `krb.extra' file instead\n",
- r->from, r->to);
- define_variable(r->to, getenv(r->from));
- }
- }
-}
-
static int
read_extra_file(void)
{
@@ -103,7 +79,6 @@
if(_krb_extra_read)
return 0;
_krb_extra_read = 1;
- check_obsolete();
while(krb_get_krbextra(i++, file, sizeof(file)) == 0) {
FILE *f = fopen(file, "r");
if(f == NULL)
Index: crypto/telnet/telnetd/sys_term.c
===================================================================
RCS file: /home/ncvs/src/crypto/telnet/telnetd/sys_term.c,v
retrieving revision 1.5.2.2
retrieving revision 1.5.2.3
diff -u -r1.5.2.2 -r1.5.2.3
--- crypto/telnet/telnetd/sys_term.c 1999/08/29 16:18:10 1.5.2.2
+++ crypto/telnet/telnetd/sys_term.c 2000/12/15 03:00:11 1.5.2.3
@@ -1839,27 +1839,48 @@
/*
* scrub_env()
*
- * Remove a few things from the environment that
- * don't need to be there.
+ * We only accept the environment variables listed below.
*/
void
scrub_env()
{
- register char **cpp, **cpp2;
+ static const char *reject[] = {
+ "TERMCAP=/",
+ NULL
+ };
- for (cpp2 = cpp = environ; *cpp; cpp++) {
-#ifdef __FreeBSD__
- if (strncmp(*cpp, "LD_LIBRARY_PATH=", 16) &&
- strncmp(*cpp, "LD_PRELOAD=", 11) &&
-#else
- if (strncmp(*cpp, "LD_", 3) &&
- strncmp(*cpp, "_RLD_", 5) &&
- strncmp(*cpp, "LIBPATH=", 8) &&
-#endif
- strncmp(*cpp, "IFS=", 4))
- *cpp2++ = *cpp;
- }
- *cpp2 = 0;
+ static const char *accept[] = {
+ "XAUTH=", "XAUTHORITY=", "DISPLAY=",
+ "TERM=",
+ "EDITOR=",
+ "PAGER=",
+ "LOGNAME=",
+ "POSIXLY_CORRECT=",
+ "PRINTER=",
+ NULL
+ };
+
+ char **cpp, **cpp2;
+ const char **p;
+
+ for (cpp2 = cpp = environ; *cpp; cpp++) {
+ int reject_it = 0;
+
+ for(p = reject; *p; p++)
+ if(strncmp(*cpp, *p, strlen(*p)) == 0) {
+ reject_it = 1;
+ break;
+ }
+ if (reject_it)
+ continue;
+
+ for(p = accept; *p; p++)
+ if(strncmp(*cpp, *p, strlen(*p)) == 0)
+ break;
+ if(*p != NULL)
+ *cpp2++ = *cpp;
+ }
+ *cpp2 = NULL;
}
/*
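Review bot: The `reject` table in the new `scrub_env()` has no effect as written: its only entry, `"TERMCAP=/"`, matches no prefix in `accept`, so the allowlist loop would drop such a variable anyway. If it is kept as a guard for the day someone adds `"TERMCAP="` to `accept`, say so above the table, e.g. `/* checked before accept[]: keeps a client-supplied TERMCAP file path out even if TERMCAP= is later allowed */`; otherwise it can be removed. The block comment "We only accept the environment variables listed below" should also say that matching is by name prefix only. The values of `TERM`, `DISPLAY`, `EDITOR`, `PAGER` and the others are passed on unchecked, so whatever consumes them must still treat them as untrusted. The same applies to the identical hunk in libexec/telnetd/sys_term.c.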
Index: libexec/telnetd/sys_term.c
===================================================================
RCS file: /home/ncvs/src/libexec/telnetd/sys_term.c,v
retrieving revision 1.20.2.4
retrieving revision 1.20.2.5
diff -u -r1.20.2.4 -r1.20.2.5
--- libexec/telnetd/sys_term.c 2000/11/20 03:09:37 1.20.2.4
+++ libexec/telnetd/sys_term.c 2000/12/15 02:59:15 1.20.2.5
@@ -1778,34 +1778,48 @@
/*
* scrub_env()
*
- * Remove a few things from the environment that
- * don't need to be there.
+ * We only accept the environment variables listed below.
*/
void
scrub_env()
{
- register char **cpp, **cpp2;
+ static const char *reject[] = {
+ "TERMCAP=/",
+ NULL
+ };
- for (cpp2 = cpp = environ; *cpp; cpp++) {
-#ifdef __FreeBSD__
- if (strncmp(*cpp, "LD_LIBRARY_PATH=", 16) &&
- strncmp(*cpp, "LD_PRELOAD=", 11) &&
-#else
- if (strncmp(*cpp, "LD_", 3) &&
- strncmp(*cpp, "_RLD_", 5) &&
- strncmp(*cpp, "LIBPATH=", 8) &&
-#endif
- strncmp(*cpp, "LOCALDOMAIN=", 12) &&
- strncmp(*cpp, "RES_OPTIONS=", 12) &&
- strncmp(*cpp, "TERMINFO=", 9) &&
- strncmp(*cpp, "TERMINFO_DIRS=", 14) &&
- strncmp(*cpp, "TERMPATH=", 9) &&
- strncmp(*cpp, "TERMCAP=/", 9) &&
- strncmp(*cpp, "ENV=", 4) &&
- strncmp(*cpp, "IFS=", 4))
- *cpp2++ = *cpp;
- }
- *cpp2 = 0;
+ static const char *accept[] = {
+ "XAUTH=", "XAUTHORITY=", "DISPLAY=",
+ "TERM=",
+ "EDITOR=",
+ "PAGER=",
+ "LOGNAME=",
+ "POSIXLY_CORRECT=",
+ "PRINTER=",
+ NULL
+ };
+
+ char **cpp, **cpp2;
+ const char **p;
+
+ for (cpp2 = cpp = environ; *cpp; cpp++) {
+ int reject_it = 0;
+
+ for(p = reject; *p; p++)
+ if(strncmp(*cpp, *p, strlen(*p)) == 0) {
+ reject_it = 1;
+ break;
+ }
+ if (reject_it)
+ continue;
+
+ for(p = accept; *p; p++)
+ if(strncmp(*cpp, *p, strlen(*p)) == 0)
+ break;
+ if(*p != NULL)
+ *cpp2++ = *cpp;
+ }
+ *cpp2 = NULL;
}
/*
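Review bot: This `scrub_env()` body is a line-for-line copy of the one added in crypto/telnet/telnetd/sys_term.c, and the removed lines show the two copies had already drifted. The old blocklist here filtered `LOCALDOMAIN=`, `RES_OPTIONS=`, `TERMINFO=`, `TERMPATH=` and `ENV=`, while the crypto copy did not. To keep the allowlists from diverging the same way, define `accept[]` and `reject[]` once in a source both daemons build from, or at least add `/* keep in sync with crypto/telnet/telnetd/sys_term.c */` above the tables. As a style point, the definition would be better written `void scrub_env(void)` so that it is a prototype.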