[bug-inetutils] Telnetd fails to handle some of TIOCPKT control bytes.

bug-inetutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug-inetutils] Telnetd fails to handle some of TIOCPKT control bytes.

From:	Takashi Yano
Subject:	[bug-inetutils] Telnetd fails to handle some of TIOCPKT control bytes.
Date:	Sat, 28 Feb 2015 14:15:25 +0900

Package: inetutils
Version: 1.9.2 or older

Telnetd in inetutils package lacks handling of some of TIOCPKT
control bytes. The most influential thing is a lack of handling
of TIOCPKT_DATA. TIOCPKT_DATAs i.e. '\0's frequently appear in
the stream of network side. TIOCPKT_FLUSHREAD, TIOCPKT_STOP and
TIOPKT_START leak out into network side too.

In most cases, '\0' is invisible on a terminal, therefore it is
hardly noticed. However, sometimes multibyte characters are
displayed incorrectly by interference of inserted '\0'.

To reproduce this problem:
1) Install telnetd in inetutils package.
2) Make a typescript file by:
      script -qc 'telnet localhost'
3) Do something to produce some text outputs.
4) Logout from the telnet session.
5) Look into the typescript file, then you will find
   many extra '\0's (^@) in it.

To fix this problem, I have made following patch.

In this patch, the first byte from read() is always treated as
a TIOCPKT control byte. Therefore, it is simply read out instead
of being peeked. This is based on description in man tty_ioctl,
which says the first byte returned by read() is always a TIOCPKT
control byte.


Related bug reports:
http://lists.gnu.org/archive/html/bug-inetutils/2007-05/msg00003.html
http://lists.gnu.org/archive/html/bug-inetutils/2007-11/msg00003.html
http://lists.gnu.org/archive/html/bug-inetutils/2014-12/msg00001.html



*** telnetd.c.orig      2013-12-03 23:57:44.000000000 +0900
--- telnetd.c   2015-02-15 14:51:56.301911766 +0900
***************
*** 660,670 ****
          /* Something to read from the pty... */
          if (pty_read () < 0)
            break;
!         c = pty_get_char (1);
  #if defined TIOCPKT_IOCTL
          if (c & TIOCPKT_IOCTL)
            {
-             pty_get_char (0);
              copy_termbuf ();
              localstat ();
            }
--- 660,669 ----
          /* Something to read from the pty... */
          if (pty_read () < 0)
            break;
!         c = pty_get_char (0); /* read TIOCPKT control byte */
  #if defined TIOCPKT_IOCTL
          if (c & TIOCPKT_IOCTL)
            {
              copy_termbuf ();
              localstat ();
            }
***************
*** 672,678 ****
          if (c & TIOCPKT_FLUSHWRITE)
            {
              static char flushdata[] = { IAC, DM };
-             pty_get_char (0);
              netclear ();      /* clear buffer back */
              net_output_datalen (flushdata, sizeof (flushdata));
              set_neturg ();
--- 671,676 ----
***************
*** 689,695 ****
                                   IAC, SB, TELOPT_LFLOW,
                                   flowmode ? LFLOW_ON : LFLOW_OFF, IAC, SE);
                }
-             pty_get_char (0);
            }

        }
--- 687,692 ----


-- 
Takashi Yano <address@hidden>

[Prev in Thread]

Current Thread

[Next in Thread]

[bug-inetutils] Telnetd fails to handle some of TIOCPKT control bytes., Takashi Yano <=

Prev by Date: [bug-inetutils] ftp client bug .netrc
Previous by thread: [bug-inetutils] ftp client bug .netrc
Index(es):
- Date
- Thread