Submitted By: Jim Gifford (patches at jg555 dot com)
Date: 2003-09-10
Initial Package Version: 1.4.2
Origin: inetutils CVS
Description: Don't set hostname to DNS canonicalized value.
	     Attackers may control DNS and fool the Kerberos
	     authentication code to use the wrong realm for
	     the server, and consequently the wrong KDC for
	     the server, which the attackers could also control.
	     Ultimately the attacker can fool the server
	     authentication check in the client.

diff -Naur inetutils-1.4.2.orig/telnet/commands.c inetutils-1.4.2/telnet/commands.c
--- inetutils-1.4.2.orig/telnet/commands.c	2002-06-26 03:15:06.000000000 +0000
+++ inetutils-1.4.2/telnet/commands.c	2003-09-10 16:41:29.000000000 +0000
@@ -2296,17 +2296,6 @@
 	    sin.sin_addr.s_addr = temp;
 	    sin.sin_family = AF_INET;
 
-	    if (_hostname)
-		free (_hostname);
-	    _hostname = malloc (strlen (hostp) + 1);
-	    if (_hostname) {
-		strcpy (_hostname, hostp);
-		hostname = _hostname;
-	    } else {
-		printf ("Can't allocate memory to copy hostname\n");
-		setuid(getuid());
-		return 0;
-	    }
 	} else {
 	    host = gethostbyname(hostp);
 	    if (host) {
@@ -2318,23 +2307,19 @@
 		memmove((caddr_t)&sin.sin_addr, host->h_addr, host->h_length);
 #endif	/* defined(h_addr) */
 
-		if (_hostname)
-		    free (_hostname);
-		_hostname = malloc (strlen (host->h_name) + 1);
-		if (_hostname) {
-		    strcpy (_hostname, host->h_name);
-		    hostname = _hostname;
-		} else {
-		    printf ("Can't allocate memory to copy hostname\n");
-		    setuid(getuid());
-		    return 0;
-		}
-	    } else {
-		herror(hostp);
-	        setuid(getuid());
-		return 0;
 	    }
 	}
+        if (_hostname)
+		free (_hostname);
+        _hostname = malloc (strlen (hostp) + 1);
+        if (_hostname) {
+		strcpy (_hostname, hostp);
+		hostname = _hostname;
+    	} else {
+		printf ("Can't allocate memory to copy hostname\n");
+		setuid(getuid());
+		return 0;
+    	}
 #if	defined(IP_OPTIONS) && defined(IPPROTO_IP)
     }
 #endif