Hi, On Tue, Feb 08, 2022 at 10:04:28PM +0100, Erik Auerswald wrote: > when sending the Terminal-Type during "subnegotiation", the terminating > TELNET command "SE" (end of subnegotiation parameters) is omitted when an > overlong terminal name is returned by gettermname(), because the length > calculation to check if the name fits into the buffer does not account > for the terminating NUL byte written by snprintf(). > > The attached patch fixes this. Please let me know if you need copyright > assignment in order to use this trivial patch. I'll do the paperwork if > necessary, but only if necessary.
The first patch has the side-effect of sending the NUL byte that was omitted before. Thus I have written a second version of the patch that adjusts the size comparison instead of the size calculation. Best regards, Erik -- Thinking doesn't guarantee that we won't make mistakes. But not thinking guarantees that we will. -- Leslie Lamport
diff --git a/telnet/telnet.c b/telnet/telnet.c index c5b18c14..0f817bc8 100644 --- a/telnet/telnet.c +++ b/telnet/telnet.c @@ -860,7 +860,7 @@ suboption (void) name = gettermname (); len = strlen (name) + 4 + 2; - if ((len < NETROOM ()) && (len <= (int) sizeof (temp))) + if ((len < NETROOM ()) && (len < (int) sizeof (temp))) { snprintf ((char *) temp, sizeof (temp), "%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE, TELQUAL_IS,