[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] Fix off-by-one error in telnet/telnet.c
|
From: |
Erik Auerswald |
|
Subject: |
[PATCH] Fix off-by-one error in telnet/telnet.c |
|
Date: |
Tue, 8 Feb 2022 22:04:28 +0100 |
|
User-agent: |
Mutt/1.5.21 (2010-09-15) |
Hi,
when sending the Terminal-Type during "subnegotiation", the terminating
TELNET command "SE" (end of subnegotiation parameters) is omitted when an
overlong terminal name is returned by gettermname(), because the length
calculation to check if the name fits into the buffer does not account
for the terminating NUL byte written by snprintf().
The attached patch fixes this. Please let me know if you need copyright
assignment in order to use this trivial patch. I'll do the paperwork if
necessary, but only if necessary.
BTW according to RFC 1091 and the IANA Terminal Type Names registry,
terminal names "may be up to 40 characters taken from the set of uppercase
letters, digits, and the two punctuation characters hyphen and slash.
It must start with a letter, and end with a letter or digit." It might be
appropriate to check this and refuse to send a non-conforming telnet name.
Please let me know if you would like me to implement such functionality.
Best regards,
Erik
--
Bugs are like mushrooms - found one, look around for more...
-- Al Viro
inetutils-telnet-fix_ttype_off_by_one.patch
Description: Text Data
- [PATCH] Fix off-by-one error in telnet/telnet.c,
Erik Auerswald <=