Hi Alfred,
On Sun, Feb 20, 2022 at 07:21:05PM +0100, Erik Auerswald wrote:
> On 19.02.22 20:27, Alfred M. Szmidt wrote:
> > On Sat, Feb 05, 2022 at 05:18:01PM +0100, Erik Auerswald wrote:
> > > On 01.02.22 10:01, Erik Auerswald wrote:
> > > >
> > > >I am a colleague of Joerg and could reproduce the bug on Ubuntu
> > > >GNU/Linux with a freshly built telnet client from GNU inetutils 2.2:
> > > >[...]
> > > [...]
> > > Please let me know if you would like to use this patch, but would
> > > first require me to complete copyright assignment paperwork.
> >
> > Just in case it helps I have just sent the copyright assignment papers
> > to the FSF.
> >[...]
> >I've sorta dropped the ball on this, sorry for that. Do you want to
> >take the ball? Whip up the patches, etc? And I'll hand out commit
> >(after approval) access for you when the paperwork is done.
> [...]
> I can expand the patches to comprise hopefully appropriate
> changes to the NEWS file, and provide a suitable commit message
> in a format usable with 'gitlog-to-changelog'. I can do that
> using 'git format-patch' so the result can be applied easily to
> the development repository.
I have attached the output of "git format-patch origin" after locally
committing the patch for this issue and adding a NEWS entry. Please let
me know if this looks OK. Did I miss anything?
Best regards,
Erik
--
Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it.
-- Brian W. Kernighan
>From 57390e9ed5702630487d6f7341c54c5c53ced7a5 Mon Sep 17 00:00:00 2001
From: Erik Auerswald <auers...@unix-ag.uni-kl.de>
Date: Mon, 21 Feb 2022 18:45:58 +0100
Subject: [PATCH] telnet: Abort subnegotiation of XDISPLOC on error.
Subnegotiation of the X Display Location option needs to be
aborted when it cannot be completed.
* NEWS: Mention fix.
* telnet/telnet.c (suboption): Call send_wont() to abort when
DISPLAY value does not fit into temporary buffer.
---
NEWS | 4 ++++
telnet/telnet.c | 6 ++++--
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index 78e9ca9a..e2bfb8eb 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,10 @@ GNU inetutils NEWS -- history of user-visible changes.
Don't infloop when (malicious) server sends too large terminal value,
see: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945861
+Abort subnegotiation of X Display Location Option with WONT when DISPLAY
+value is too large for buffer. Reported by Joerg Mayer in
+<https://lists.gnu.org/archive/html/bug-inetutils/2022-01/msg00010.html>.
+
** Various bugs fixes, internal improvements and clean ups.
Further cleanup of configure.ac, updates to modern autoconf releases,
diff --git a/telnet/telnet.c b/telnet/telnet.c
index c5b18c14..62c79653 100644
--- a/telnet/telnet.c
+++ b/telnet/telnet.c
@@ -1008,11 +1008,13 @@ suboption (void)
/* Remote host, and display server must not be corrupted
* by truncation. In addition, every character of telnet
* protocol must remain unsevered. Check that DP fits in
- * full within TEMP. Otherwise report buffer error.
+ * full within TEMP. Otherwise report buffer error and
+ * turn off the option.
*/
if (strlen ((char *) dp) >= sizeof (temp) - 4 - 2)
{
- printf ("lm_will: not enough room in buffer\n");
+ printf ("lm_will: not enough room in buffer for DISPLAY\n");
+ send_wont (TELOPT_XDISPLOC, 1);
break;
}
--
2.17.1
