From e6c283132376119bbde5c0b353ffc3f4769bddb6 Mon Sep 17 00:00:00 2001
From: Stephen Heumann <stephenheumann@gmail.com>
Date: Sat, 9 Jan 2016 14:50:21 -0600
Subject: [PATCH] Work around a GNO kernel bug that could cause crashes in
 error cases.

The issue is that the kernel's pty structures get corrupted if the master side of a pty is opened and then closed without the slave side having been opened. This can happen with telnetd in various error cases. The workaround is to arrange for the slave side to be opened just before telnetd exits in those cases.
---
 telnetd/sys_term.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/telnetd/sys_term.c b/telnetd/sys_term.c
index 5cd8ad2..a882fcd 100644
--- a/telnetd/sys_term.c
+++ b/telnetd/sys_term.c
@@ -375,6 +375,24 @@ spcset(int func, cc_t *valp, cc_t **valpp)
 }
 #endif	/* USE_TERMIO */
 
+static int slave_opened = 0;
+
+#ifdef __GNO__
+/*
+ * open_slave_at_exit()
+ *
+ * Called at exit.  Works around a GNO kernel bug by ensuring that
+ * the slave side of the pty is opened before the master is closed.
+ */
+
+static void
+open_slave_at_exit(void)
+{
+	if (!slave_opened)
+		open(line, O_RDWR);
+}
+#endif /* __GNO__ */
+
 /*
  * getpty()
  *
@@ -407,6 +425,9 @@ getpty(int *ptynum __unused)
 	if (strlcpy(line, pn, sizeof line) >= sizeof line)
 		return (-1);
 
+#ifdef __GNO__
+	atexit(open_slave_at_exit);
+#endif
 	return (p);
 }
 
@@ -924,6 +945,7 @@ cleanopen(char *li)
 	if (t < 0)
 		return(-1);
 
+	slave_opened = 1;
 	return(t);
 }