Hello Simon,
On Sat, Sep 03, 2022 at 05:39:45PM +0200, Simon Josefsson wrote:
> Erik Auerswald <[email protected]> writes:
>
> >> Please test commit access by pushing the patch, after writing
> >> a suitable NEWS entry.
> >
> > I have just committed and pushed the telnetd crash fix patch[1],
> > including a NEWS entry.
> >
> > [1] https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html
>
> Looks great!
Thanks! :-)
> [...]
> did you notice some fuzzing report that wasn't fixed?
I think the following reports have not yet been addressed:
* Problems found in ftp (the code did not change since the reports):
* Untrusted Pointer Dereference in domacro() at inetutils/ftp/domacro.c:186
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00003.html
(https://savannah.gnu.org/bugs/?61722)
* Infinite Loop in domacro at domacro.c:258
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00005.html
https://savannah.gnu.org/bugs/?61724
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00008.html
* A heap-buffer-overflow in another () at cmds.c:202
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00016.html
* NULL Pointer Dereference in setnmap() at cmds.c:2303
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00004.html
https://savannah.gnu.org/bugs/?61723
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00013.html
* Problems found in tftp (the code did not change since the report):
* Untrusted Pointer Dereference in getcmd() at inetutils/src/tftp.c:878
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00018.html
At first glance the above problems might be caused by feeding unexpected
input to the ftp and tftp clients.
AFAIK the other fuzzer-based crash reports have already been addressed
before the release of GNU Inetutils 2.3:
* I think you addressed the following two reports:
* Heap-based Buffer Overflow in logger
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00015.html
(see git commit 8e0df0e80b156a09ff361050bac38bbdcda03aef)
* Memory leak in ifconfig
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00014.html
(see git commit 6599d2be88c4e44ef88470aef16bf10bd7d67884)
[ I did not analyze the above two bug reports or the commits intended ]
[ to fix the issues. I just assume that they are addressed based on ]
[ the commit log. :-) ]
* My patches should have addressed all the reports pertaining to telnet:
* NULL Pointer Dereference in setcmd () at commands.c:1152
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00017.html
* NULL Pointer Dereference in unsetcmd() at inetutils/telnet/commands.c:1227
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00007.html
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00011.html
* NULL Pointer Dereference in help() at inetutils/telnet/commands.c:3094
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00006.html
https://savannah.gnu.org/bugs/?61725
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00009.html
https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00012.html
> I have a re-implementation of 'arp' that belongs in inetutils, maybe I
> should finally add it...
I have no objections. ;-)
Thanks,
Erik
