Hi,
On Tue, Feb 08, 2022 at 10:04:28PM +0100, Erik Auerswald wrote:
> when sending the Terminal-Type during "subnegotiation", the terminating
> TELNET command "SE" (end of subnegotiation parameters) is omitted when an
> overlong terminal name is returned by gettermname(), because the length
> calculation to check if the name fits into the buffer does not account
> for the terminating NUL byte written by snprintf().
>
> The attached patch fixes this. Please let me know if you need copyright
> assignment in order to use this trivial patch. I'll do the paperwork if
> necessary, but only if necessary.
The first patch has the side-effect of sending the NUL byte that was
omitted before. Thus I have written a second version of the patch that
adjusts the size comparison instead of the size calculation.
Best regards,
Erik
--
Thinking doesn't guarantee that we won't make mistakes. But not thinking
guarantees that we will.
-- Leslie Lamport
diff --git a/telnet/telnet.c b/telnet/telnet.c
index c5b18c14..0f817bc8 100644
--- a/telnet/telnet.c
+++ b/telnet/telnet.c
@@ -860,7 +860,7 @@ suboption (void)
name = gettermname ();
len = strlen (name) + 4 + 2;
- if ((len < NETROOM ()) && (len <= (int) sizeof (temp)))
+ if ((len < NETROOM ()) && (len < (int) sizeof (temp)))
{
snprintf ((char *) temp, sizeof (temp), "%c%c%c%c%s%c%c",
IAC, SB, TELOPT_TTYPE, TELQUAL_IS,
