Source-Changes-HG archive
[src/trunk]: src/libexec/telnetd bound-check all "*nfrontp++" code. from ope...
details: https://anonhg.NetBSD.org/src/rev/8e97f947ed37
branches: trunk
changeset: 512911:8e97f947ed37
user: itojun <itojun%NetBSD.org@localhost>
date: Thu Jul 19 04:57:49 2001 +0000
description:
bound-check all "*nfrontp++" code. from openbsd/heimdal.
bark if file descriptor goes above FD_SETSIZE. from openbsd.
XXX needs more checking.
XXX what is tab stop size for this code? need more consistency...
XXX we should really remove #ifdef CRAY, UNICOS5 and such.
we just cannot read it through.
diffstat:
libexec/telnetd/authenc.c | 7 +-
libexec/telnetd/ext.h | 12 +-
libexec/telnetd/state.c | 86 ++++++-
libexec/telnetd/sys_term.c | 36 +-
libexec/telnetd/telnetd.c | 62 ++---
libexec/telnetd/telnetd.h | 3 +-
libexec/telnetd/termstat.c | 22 +-
libexec/telnetd/utility.c | 473 ++++++++++++++++----------------------------
8 files changed, 307 insertions(+), 394 deletions(-)
diffs (truncated from 1588 to 300 lines):
diff -r fc1e6898ce77 -r 8e97f947ed37 libexec/telnetd/authenc.c
--- a/libexec/telnetd/authenc.c Thu Jul 19 04:27:37 2001 +0000
+++ b/libexec/telnetd/authenc.c Thu Jul 19 04:57:49 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: authenc.c,v 1.7 2000/06/22 06:47:49 thorpej Exp $ */
+/* $NetBSD: authenc.c,v 1.8 2001/07/19 04:57:49 itojun Exp $ */
/*-
* Copyright (c) 1991, 1993
@@ -38,7 +38,7 @@
#if 0
static char sccsid[] = "@(#)authenc.c 8.2 (Berkeley) 5/30/95";
#else
-__RCSID("$NetBSD: authenc.c,v 1.7 2000/06/22 06:47:49 thorpej Exp $");
+__RCSID("$NetBSD: authenc.c,v 1.8 2001/07/19 04:57:49 itojun Exp $");
#endif
#endif /* not lint */
@@ -52,8 +52,7 @@
int len;
{
if (nfrontp + len < netobuf + BUFSIZ) {
- memmove((void *)nfrontp, (void *)str, len);
- nfrontp += len;
+ output_datalen(str, len);
return(len);
}
return(0);
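Review bot: The result of `output_datalen(str, len)` is discarded here, so this function returns `len` even when the helper refuses the copy and returns -1. The retained outer test `nfrontp + len < netobuf + BUFSIZ` does pointer arithmetic on an `int len` that is then converted to `size_t`, so a negative `len` passes the outer test and is reported back as a successful write. Let the helper be the single bound check: `if (len < 0 || output_datalen(str, (size_t)len) < 0) return(0);` followed by `return(len);`. The function's signature starts outside this hunk, so the caller contract for a 0 return should be confirmed.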
diff -r fc1e6898ce77 -r 8e97f947ed37 libexec/telnetd/ext.h
--- a/libexec/telnetd/ext.h Thu Jul 19 04:27:37 2001 +0000
+++ b/libexec/telnetd/ext.h Thu Jul 19 04:57:49 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ext.h,v 1.12 2001/02/04 22:32:15 christos Exp $ */
+/* $NetBSD: ext.h,v 1.13 2001/07/19 04:57:49 itojun Exp $ */
/*
* Copyright (c) 1989, 1993
@@ -112,8 +112,8 @@
dooption P((int)),
dontoption P((int)),
edithost P((char *, char *)),
- fatal P((int, char *)),
- fatalperror P((int, char *)),
+ fatal P((int, const char *)),
+ fatalperror P((int, const char *)),
get_slc_defaults P((void)),
init_env P((void)),
init_termbuf P((void)),
@@ -123,7 +123,7 @@
netclear P((void)),
netflush P((void)),
#ifdef DIAGNOSTICS
- printoption P((char *, int)),
+ printoption P((const char *, int)),
printdata P((char *, char *, int)),
#if !defined(ENCRYPTION)
printsub P((int, unsigned char *, int)),
@@ -190,6 +190,10 @@
wontoption P((int)),
writenet P((unsigned char *, int));
+extern int output_data __P((const char *, ...))
+ __attribute__((__format__(__printf__, 1, 2)));
+extern int output_datalen __P((const char *, size_t));
+
#ifdef ENCRYPTION
extern char *nclearto;
#endif /* ENCRYPTION */
diff -r fc1e6898ce77 -r 8e97f947ed37 libexec/telnetd/state.c
--- a/libexec/telnetd/state.c Thu Jul 19 04:27:37 2001 +0000
+++ b/libexec/telnetd/state.c Thu Jul 19 04:57:49 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: state.c,v 1.14 2001/02/04 22:32:16 christos Exp $ */
+/* $NetBSD: state.c,v 1.15 2001/07/19 04:57:50 itojun Exp $ */
/*
* Copyright (c) 1989, 1993
@@ -38,10 +38,12 @@
#if 0
static char sccsid[] = "@(#)state.c 8.5 (Berkeley) 5/30/95";
#else
-__RCSID("$NetBSD: state.c,v 1.14 2001/02/04 22:32:16 christos Exp $");
+__RCSID("$NetBSD: state.c,v 1.15 2001/07/19 04:57:50 itojun Exp $");
#endif
#endif /* not lint */
+#include <stdarg.h>
+
#include "telnetd.h"
static int envvarok __P((char *));
@@ -204,9 +206,8 @@
}
netclear(); /* clear buffer back */
- *nfrontp++ = IAC;
- *nfrontp++ = DM;
- neturg = nfrontp-1; /* off by one XXX */
+ output_data("%c%c", IAC, DM);
+ neturg = nfrontp - 1; /* off by one XXX */
DIAG(TD_OPTIONS,
printoption("td: send IAC", DM));
break;
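Review bot: `neturg = nfrontp - 1` assumes both bytes of the IAC DM pair were stored, but the return value of `output_data("%c%c", IAC, DM)` is not checked. If the output buffer is nearly full, the urgent pointer will not mark the DM byte. Guard the assignment with `if (output_data("%c%c", IAC, DM) == 2) neturg = nfrontp - 1;`. The same unchecked return appears in the per-byte copy loop at `@@ -376,9 +377,11 @@`, where an IAC could be sent without its escaping duplicate. It also appears in the do/dont/will/wont senders, which cast the result to `void`. The enclosing case starts and ends outside this hunk.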
@@ -376,9 +377,11 @@
pfrontp = opfrontp;
pfrontp += term_input(xptyobuf, pfrontp, n, BUFSIZ+NETSLOP,
xbuf2, &oc, BUFSIZ);
- for (cp = xbuf2; oc > 0; --oc)
- if ((*nfrontp++ = *cp++) == IAC)
- *nfrontp++ = IAC;
+ for (cp = xbuf2; oc > 0; --oc) {
+ output_data("%c", *cp);
+ if (*cp++ == IAC)
+ output_data("%c", IAC);
+ }
}
#endif /* defined(CRAY2) && defined(UNICOS5) */
} /* end of telrcv */
@@ -458,8 +461,7 @@
set_his_want_state_will(option);
do_dont_resp[option]++;
}
- (void) sprintf(nfrontp, (char *)doopt, option);
- nfrontp += sizeof (dont) - 2;
+ (void) output_data(doopt, option);
DIAG(TD_OPTIONS, printoption("td: send do", option));
}
@@ -681,8 +683,7 @@
set_his_want_state_wont(option);
do_dont_resp[option]++;
}
- (void) sprintf(nfrontp, (char *)dont, option);
- nfrontp += sizeof (doopt) - 2;
+ (void) output_data(dont, option);
DIAG(TD_OPTIONS, printoption("td: send dont", option));
}
@@ -832,8 +833,7 @@
set_my_want_state_will(option);
will_wont_resp[option]++;
}
- (void) sprintf(nfrontp, (char *)will, option);
- nfrontp += sizeof (doopt) - 2;
+ (void) output_data(will, option);
DIAG(TD_OPTIONS, printoption("td: send will", option));
}
@@ -992,8 +992,7 @@
set_my_want_state_wont(option);
will_wont_resp[option]++;
}
- (void) sprintf(nfrontp, (char *)wont, option);
- nfrontp += sizeof (wont) - 2;
+ (void) output_data(wont, option);
DIAG(TD_OPTIONS, printoption("td: send wont", option));
}
@@ -1428,9 +1427,8 @@
env_ovar_wrong:
env_ovar = OLD_ENV_VALUE;
env_ovalue = OLD_ENV_VAR;
- DIAG(TD_OPTIONS, {sprintf(nfrontp,
- "ENVIRON VALUE and VAR are reversed!\r\n");
- nfrontp += strlen(nfrontp);});
+ DIAG(TD_OPTIONS, {output_data(
+ "ENVIRON VALUE and VAR are reversed!\r\n");});
}
}
@@ -1574,16 +1572,28 @@
clientstat(TELOPT_LINEMODE, WILL, 0);
}
-#define ADD(c) *ncp++ = c
-#define ADD_DATA(c) { *ncp++ = c; if (c == SE || c == IAC) *ncp++ = c; }
void
send_status()
{
+#define ADD(c) \
+ do { \
+ if (ep > ncp) \
+ *ncp++ = c; \
+ else \
+ goto trunc; \
+ } while (0)
+#define ADD_DATA(c) \
+ do { \
+ ADD(c); if (c == SE || c == IAC) ADD(c); \
+ } while (0)
+
unsigned char statusbuf[256];
+ unsigned char *ep;
register unsigned char *ncp;
register unsigned char i;
ncp = statusbuf;
+ ep = statusbuf + sizeof(statusbuf);
netflush(); /* get rid of anything waiting to go out */
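Review bot: The new `ADD` macro hides a `goto trunc` and still expands its argument unparenthesized, and `ADD_DATA(c)` evaluates `c` up to four times. Any call site in the part of `send_status` outside this hunk that passes an expression with side effects would misbehave. Write the store as `*ncp++ = (c);` and put a comment above the macros such as `/* ADD/ADD_DATA jump to trunc: when statusbuf is full; arguments must be side-effect free */`. The `trunc:` path returns without sending or logging anything, so a status reply that overflows the 256-byte buffer is dropped silently; a diagnostic there would make the truncation visible.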
@@ -1664,4 +1674,38 @@
DIAG(TD_OPTIONS,
{printsub('>', statusbuf, ncp - statusbuf); netflush();});
+ return;
+
+trunc:
+ /* XXX bark? */
+ return;
+#undef ADD
+#undef ADD_DATA
}
+
+int
+output_data(const char *format, ...)
+{
+ va_list args;
+ size_t remaining, ret;
+
+ va_start(args, format);
+ remaining = BUFSIZ - (nfrontp - netobuf);
+ ret = vsnprintf(nfrontp, remaining, format, args);
+ nfrontp += ret;
+ va_end(args);
+ return ret;
+}
+
+int
+output_datalen(const char *buf, size_t l)
+{
+ size_t remaining;
+
+ remaining = BUFSIZ - (nfrontp - netobuf);
+ if (remaining < l)
+ return -1;
+ memmove(nfrontp, buf, l);
+ nfrontp += l;
+ return (int)l;
+}
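Review bot: `output_data` advances `nfrontp` by the value `vsnprintf` returns, which is the length the output would have had, not the number of bytes stored. A call that is truncated therefore moves `nfrontp` past `netobuf + BUFSIZ`. On the next call to either helper, `BUFSIZ - (nfrontp - netobuf)` wraps to a very large `size_t`, so the bound passed to `vsnprintf` and the `remaining < l` test in `output_datalen` stop protecting the buffer. `ret` is also declared `size_t`, so an error return from `vsnprintf` would become a large forward jump. Keep `ret` as `int`, reject negative results, and clamp the advance to what fits, as below. Callers that need an all-or-nothing write should compare the return value with the expected length.

```c
int
output_data(const char *format, ...)
{
	va_list args;
	size_t remaining;
	int ret;

	va_start(args, format);
	remaining = BUFSIZ - (nfrontp - netobuf);
	ret = vsnprintf(nfrontp, remaining, format, args);
	va_end(args);
	if (ret < 0)
		return -1;
	/* vsnprintf returns the untruncated length; advance only by what was stored */
	if ((size_t)ret >= remaining)
		ret = remaining > 0 ? (int)(remaining - 1) : 0;
	nfrontp += ret;
	return ret;
}
/* … unchanged: output_datalen … */
```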
diff -r fc1e6898ce77 -r 8e97f947ed37 libexec/telnetd/sys_term.c
--- a/libexec/telnetd/sys_term.c Thu Jul 19 04:27:37 2001 +0000
+++ b/libexec/telnetd/sys_term.c Thu Jul 19 04:57:49 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: sys_term.c,v 1.22 2001/02/04 22:32:16 christos Exp $ */
+/* $NetBSD: sys_term.c,v 1.23 2001/07/19 04:57:50 itojun Exp $ */
/*
* Copyright (c) 1989, 1993
@@ -38,7 +38,7 @@
#if 0
static char sccsid[] = "@(#)sys_term.c 8.4+1 (Berkeley) 5/30/95";
#else
-__RCSID("$NetBSD: sys_term.c,v 1.22 2001/02/04 22:32:16 christos Exp $");
+__RCSID("$NetBSD: sys_term.c,v 1.23 2001/07/19 04:57:50 itojun Exp $");
#endif
#endif /* not lint */
@@ -183,7 +183,7 @@
char **addarg __P((char **, char *));
void scrub_env __P((void));
int getent __P((char *, char *));
-char *getstr __P((char *, char **));
+char *getstr __P((const char *, char **));
#ifdef KRB5
extern void kerberos5_cleanup __P((void));
#endif
@@ -1253,8 +1253,8 @@
* making sure that we have a clean tty.
*/
int
-cleanopen(line)
- char *line;
+cleanopen(ttyline)
+ char *ttyline;
{
#ifdef OPENPTY_PTY
return ptyslavefd;
@@ -1269,16 +1269,16 @@
* Make sure that other people can't open the
* slave side of the connection.
*/
- (void) chown(line, 0, 0);
- (void) chmod(line, 0600);
+ (void) chown(ttyline, 0, 0);
+ (void) chmod(ttyline, 0600);
#endif
# if !defined(CRAY) && (BSD > 43)
- (void) revoke(line);
+ (void) revoke(ttyline);
# endif
#ifdef UNICOS7x
if (secflag) {
- if (secstat(line, &secbuf) < 0)
+ if (secstat(ttyline, &secbuf) < 0)
return(-1);
if (setulvl(secbuf.st_slevel) < 0)
return(-1);
@@ -1287,7 +1287,7 @@