Group :: Networking/Remote access
RPM: telnet
Main Changelog Spec Patches Sources Download Gear Bugs and FR Repocop
Patch: telnet-3.0-owl-bound.patch
Download
Download
diff -urp telnet-3.0.orig/usr.bin/telnet/telnet.c telnet-3.0-bound/usr.bin/telnet/telnet.c
--- telnet-3.0.orig/usr.bin/telnet/telnet.c Sat Nov 3 00:07:53 2001
+++ telnet-3.0-bound/usr.bin/telnet/telnet.c Thu Mar 17 04:15:47 2005
@@ -1332,7 +1332,7 @@ slc_check()
}
-unsigned char slc_reply[128];
+unsigned char slc_reply[SUBBUFSIZE * 2];
unsigned char *slc_replyp;
void
@@ -1351,6 +1351,8 @@ slc_add_reply(func, flags, value)
unsigned char flags;
cc_t value;
{
+ if (slc_replyp > &slc_reply[sizeof(slc_reply) - 6 - 2])
+ return;
if ((*slc_replyp++ = func) == IAC)
*slc_replyp++ = IAC;
if ((*slc_replyp++ = flags) == IAC)
@@ -1364,6 +1366,8 @@ slc_end_reply()
{
register int len;
+ if (slc_replyp > &slc_reply[sizeof(slc_reply) - 2])
+ return;
*slc_replyp++ = IAC;
*slc_replyp++ = SE;
len = slc_replyp - slc_reply;
@@ -1483,8 +1487,8 @@ env_opt(buf, len)
}
}
-#define OPT_REPLY_SIZE 256
-unsigned char *opt_reply;
+#define OPT_REPLY_SIZE (2 * SUBBUFSIZE)
+unsigned char *opt_reply = NULL;
unsigned char *opt_replyp;
unsigned char *opt_replyend;
@@ -1543,11 +1547,14 @@ env_opt_add(ep)
return;
}
vp = env_getvalue(ep);
- if (opt_replyp + (vp ? strlen((char *)vp) : 0) +
- strlen((char *)ep) + 6 > opt_replyend)
+ if (opt_replyp + (vp ? 2 * strlen((char *)vp) : 0) +
+ 2 * strlen((char *)ep) + 6 > opt_replyend)
{
register int len;
unsigned char *p;
+ /* XXX: this modifies global variables making them
+ * inconsistent with the actual memory allocation for a
+ * short moment. */
opt_replyend += OPT_REPLY_SIZE;
len = opt_replyend - opt_reply;
p = (unsigned char *)realloc(opt_reply, len);
@@ -1573,6 +1580,8 @@ env_opt_add(ep)
*opt_replyp++ = ENV_USERVAR;
for (;;) {
while ((c = *ep++)) {
+ if (opt_replyp + (2 + 2) > opt_replyend)
+ return;
switch(c&0xff) {
case IAC:
*opt_replyp++ = IAC;
@@ -1587,6 +1596,8 @@ env_opt_add(ep)
*opt_replyp++ = c;
}
if ((ep = vp)) {
+ if (opt_replyp + (1 + 2 + 2) > opt_replyend)
+ return;
#ifdef OLD_ENVIRON
if (telopt_environ == TELOPT_OLD_ENVIRON)
*opt_replyp++ = old_env_value;
@@ -1618,7 +1629,9 @@ env_opt_end(emptyok)
{
register int len;
- len = opt_replyp - opt_reply + 2;
+ if (opt_replyp + 2 > opt_replyend)
+ return;
+ len = opt_replyp + 2 - opt_reply;
if (emptyok || len > 6) {
*opt_replyp++ = IAC;
*opt_replyp++ = SE;