telnetd deadlock on HP-UX 11.11

Nate Yocom nate.yocom at centrify.com
Tue Dec 27 14:11:17 EST 2005 

We've encountered a bug in the telnetd included with the MIT kerberos
package.  After installation and configuring inetd.conf, a connection
from a stock HP telnet client, or a windows telnet client, ends in a
deadlock between client/server.

I've narrowed it down to an error in the message sent by the server to
end suboptions.  For instance, A command from the server->client on RH
looks like (in ethereal):

Command: Do Negotiate About Window Size
Suboption Begin: New Environment Variable
    Option data
Command: Suboption end
Suboption Begin: Terminal Type
    Send your terminal type
Command: Suboption end

In this breakdown, the "Command: Suboption end" is the series of bytes,
FF F0 (IAC SE).  However,  The same message from the server, but running
on HPUX is:

Command: Do Negotiate About Window Size
Suboption Begin: New Environment Variable
    Option data
Command: Unknown (0x0)
Suboption Begin: Terminal Type
    Send your terminal type
Command: Unknown (0x0)

In this case, when the command to end each suboption *should* be FF F0,
it is
instead FF 00.  Other commands have okay SE terminators though, so its
not as simple as a bad declaration of SE on this platform.  As a result,
the client responds to the window size command, but not the new
environment var, or the terminal type commands, and a deadlock occurs as
the client waits for something from the server and vice versa.  Note
that the telnet client included with kerberos, as well as the one built
into cygwin both work without problems - as I suspect they don't parse
suboptions based on IAC SE strictly, or have been coded to explicitly
handle this bug/case.

This is only occurring (so far as I can tell) on the HP UX platform (I
can force similar behavior in RH if I define SE as 00).  However, I see
very little platform specific code in the area of these commands, so I
am still digging, trying to figure out why it sends an invalid suboption
end command only on this platform.  Anyone have any ideas? I can provide
ethereal traces if anyone is interested...

Nate

More information about the krbdev mailing list