[PATCH 1/3] telnet: Abort subnegotiation of XDISPLOC on error.
From: Erik Auerswald
Subject: [PATCH 1/3] telnet: Abort subnegotiation of XDISPLOC on error.
Date: Sun, 27 Feb 2022 17:34:21 +0100
User-agent: Mutt/1.5.21 (2010-09-15)
Subnegotiation of the X Display Location option needs to be
aborted when it cannot be completed.
* NEWS: Mention fix.
* telnet/telnet.c (suboption): Call send_wont() to abort when
DISPLAY value does not fit into temporary buffer.
---
NEWS | 4 ++++
telnet/telnet.c | 6 ++++--
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index 78e9ca9a..166ca457 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,10 @@ GNU inetutils NEWS -- history of user-visible changes.
Don't infloop when (malicious) server sends too large terminal value,
see: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945861
+Abort subnegotiation of X Display Location Option with WON'T when DISPLAY
+value is too large for buffer. Reported by Joerg Mayer in
+<https://lists.gnu.org/archive/html/bug-inetutils/2022-01/msg00010.html>.
+
** Various bugs fixes, internal improvements and clean ups.
Further cleanup of configure.ac, updates to modern autoconf releases,
diff --git a/telnet/telnet.c b/telnet/telnet.c
index c5b18c14..62c79653 100644
--- a/telnet/telnet.c
+++ b/telnet/telnet.c
@@ -1008,11 +1008,13 @@ suboption (void)
/* Remote host, and display server must not be corrupted
* by truncation. In addition, every character of telnet
* protocol must remain unsevered. Check that DP fits in
- * full within TEMP. Otherwise report buffer error.
+ * full within TEMP. Otherwise report buffer error and
+ * turn off the option.
*/
if (strlen ((char *) dp) >= sizeof (temp) - 4 - 2)
{
- printf ("lm_will: not enough room in buffer\n");
+ printf ("lm_will: not enough room in buffer for DISPLAY\n");
+ send_wont (TELOPT_XDISPLOC, 1);
break;
}
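Review bot: the message on the changed printf line still carries the prefix "lm_will:", which matches neither the function this hunk sits in (suboption) nor the option being handled (XDISPLOC); since the line is edited anyway, name the real context, and consider writing to stderr so the notice does not mix into session output on stdout. The unchanged condition "sizeof (temp) - 4 - 2" leaves the 4 and the 2 unexplained, and the comment above it could say which protocol bytes they reserve. The second argument 1 in "send_wont (TELOPT_XDISPLOC, 1)" is also not explained in the visible lines; a short comment on what it selects would help the next reader.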
--
It's impossible to learn very much by simply sitting in a lecture,
or even by simply doing problems that are assigned.
-- Richard P. Feynman
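
The abort path this patch describes, as an added example that is not inetutils code and not the author's: the hypothetical helper xdisploc_reply() frames the RFC 1096 reply IAC SB XDISPLOC IS <value> IAC SE and falls back to IAC WONT XDISPLOC when the value does not fit. Doubling of 0xFF data bytes goes beyond the case in the patch, and treating an unset DISPLAY as a refusal is an assumption.

```c
#include <stddef.h>
#include <stdio.h>

/* Telnet command and option codes from RFC 854 and RFC 1096. */
enum { IAC = 255, SB = 250, SE = 240, WONT = 252,
       TELOPT_XDISPLOC = 35, TELQUAL_IS = 0 };

/* Hypothetical helper, not inetutils code: build the client's answer to
 * "IAC SB XDISPLOC SEND IAC SE" into out[cap].  Returns the number of
 * bytes written, or 0 if even the 3-byte refusal does not fit. */
size_t
xdisploc_reply (const char *display, unsigned char *out, size_t cap)
{
  size_t need = 4 + 2;          /* IAC SB XDISPLOC IS ... IAC SE */
  size_t n = 0;
  const unsigned char *p;

  /* A data byte equal to IAC must be doubled, so count it twice. */
  if (display != NULL)
    for (p = (const unsigned char *) display; *p; p++)
      need += (*p == IAC) ? 2 : 1;

  if (display == NULL || need > cap)
    {
      /* Cannot complete the subnegotiation: never send a truncated
       * value, turn the option off instead (assumption for NULL). */
      if (cap < 3)
        return 0;
      out[0] = IAC; out[1] = WONT; out[2] = TELOPT_XDISPLOC;
      return 3;
    }

  out[n++] = IAC; out[n++] = SB;
  out[n++] = TELOPT_XDISPLOC; out[n++] = TELQUAL_IS;
  for (p = (const unsigned char *) display; *p; p++)
    {
      if (*p == IAC)
        out[n++] = IAC;         /* escape a literal 0xFF data byte */
      out[n++] = *p;
    }
  out[n++] = IAC; out[n++] = SE;
  return n;
}

int main (void)
{
  unsigned char buf[16];        /* constructed sample value below */
  printf ("%zu\n", xdisploc_reply ("host:0.0", buf, sizeof buf));
  return 0;
}
```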