Re: [bug-inetutils] Telnetd fails to handle some of TIOCPKT control bytes.

[Mats Erik Andersson]

Saturday den 28 February 2015 klockan 14:15 skrev Takashi Yano detta:
> Package: inetutils
> Version: 1.9.2 or older
> 
> Telnetd in inetutils package lacks handling of some of TIOCPKT
> control bytes. The most influential thing is a lack of handling
> of TIOCPKT_DATA. TIOCPKT_DATAs i.e. '\0's frequently appear in
> the stream of network side. TIOCPKT_FLUSHREAD, TIOCPKT_STOP and
> TIOPKT_START leak out into network side too.
> 
> To fix this problem, I have made following patch.
> 
> In this patch, the first byte from read() is always treated as
> a TIOCPKT control byte. Therefore, it is simply read out instead
> of being peeked. This is based on description in man tty_ioctl,
> which says the first byte returned by read() is always a TIOCPKT
> control byte.
> 

These are all valid observations.  Based on previous messages
on this issue and on your discussion, I arrived at a solution
which has been pushed to the development head.  The relevant
changes to inetutils-1.9.2 are reproduced below.  Exactly as
you have observed, the issue boils down to a call pty_get_char(0)
which got hidden in a subcase, instead of being executed every
time the PTY delivered a packet.

Thanks for bringing the matter to my attentions (I had lost
contact with the list from November 28th until this week!)

Best regards,
  Mats Erik Andersson


--- telnetd/telnetd.c.orig
+++ telnetd/telnetd.c
@@ -658,7 +658,7 @@
       if (FD_ISSET (pty, &ibits))
        {
          /* Something to read from the pty... */
-         if (pty_read () < 0)
+         if (pty_read () <= 0)
            break;
          c = pty_get_char (1);
 #if defined TIOCPKT_IOCTL
@@ -689,9 +689,8 @@
                                   IAC, SB, TELOPT_LFLOW,
                                   flowmode ? LFLOW_ON : LFLOW_OFF, IAC, SE);
                }
-             pty_get_char (0);
            }
-
+         pty_get_char (0);
        }
 
       while (pty_input_level () > 0)