Tue Dec 18 18:37:26 2018 UTC ()
Pull up following revision(s) (requested by maya in ticket #1665):

	usr.bin/telnet/utilities.c: revision 1.24
	usr.bin/telnet/telnet.c: revision 1.37

switch sprintf to snprintf in places.

Reported by hacker fantastic, thanks!

ok xtos.


(martin)
diff -r1.36 -r1.36.20.1 src/usr.bin/telnet/telnet.c
diff -r1.23 -r1.23.20.1 src/usr.bin/telnet/utilities.c

cvs diff -r1.36 -r1.36.20.1 src/usr.bin/telnet/telnet.c

--- src/usr.bin/telnet/telnet.c 2012/01/10 13:49:32 1.36
+++ src/usr.bin/telnet/telnet.c 2018/12/18 18:37:26 1.36.20.1
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: telnet.c,v 1.36 2012/01/10 13:49:32 christos Exp $ */ 1/* $NetBSD: telnet.c,v 1.36.20.1 2018/12/18 18:37:26 martin Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 1988, 1990, 1993 4 * Copyright (c) 1988, 1990, 1993
5 * The Regents of the University of California. All rights reserved. 5 * The Regents of the University of California. All rights reserved.
6 * 6 *
7 * Redistribution and use in source and binary forms, with or without 7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions 8 * modification, are permitted provided that the following conditions
9 * are met: 9 * are met:
10 * 1. Redistributions of source code must retain the above copyright 10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer. 11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the 13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution. 14 * documentation and/or other materials provided with the distribution.
@@ -24,27 +24,27 @@ @@ -24,27 +24,27 @@
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE. 29 * SUCH DAMAGE.
30 */ 30 */
31 31
32#include <sys/cdefs.h> 32#include <sys/cdefs.h>
33#ifndef lint 33#ifndef lint
34#if 0 34#if 0
35static char sccsid[] = "@(#)telnet.c 8.4 (Berkeley) 5/30/95"; 35static char sccsid[] = "@(#)telnet.c 8.4 (Berkeley) 5/30/95";
36#else 36#else
37__RCSID("$NetBSD: telnet.c,v 1.36 2012/01/10 13:49:32 christos Exp $"); 37__RCSID("$NetBSD: telnet.c,v 1.36.20.1 2018/12/18 18:37:26 martin Exp $");
38#endif 38#endif
39#endif /* not lint */ 39#endif /* not lint */
40 40
41#include <sys/param.h> 41#include <sys/param.h>
42 42
43#include <signal.h> 43#include <signal.h>
44#include <term.h> 44#include <term.h>
45#include <unistd.h> 45#include <unistd.h>
46/* By the way, we need to include curses.h before telnet.h since, 46/* By the way, we need to include curses.h before telnet.h since,
47 * among other things, telnet.h #defines 'DO', which is a variable 47 * among other things, telnet.h #defines 'DO', which is a variable
48 * declared in curses.h. 48 * declared in curses.h.
49 */ 49 */
50 50
@@ -846,50 +846,50 @@ suboption(void) @@ -846,50 +846,50 @@ suboption(void)
846 } else { 846 } else {
847 char *name; 847 char *name;
848 unsigned char temp[50]; 848 unsigned char temp[50];
849 int len; 849 int len;
850 850
851#ifdef TN3270 851#ifdef TN3270
852 if (tn3270_ttype()) { 852 if (tn3270_ttype()) {
853 return; 853 return;
854 } 854 }
855#endif /* defined(TN3270) */ 855#endif /* defined(TN3270) */
856 name = gettermname(); 856 name = gettermname();
857 len = strlen(name) + 4 + 2; 857 len = strlen(name) + 4 + 2;
858 if (len < NETROOM()) { 858 if (len < NETROOM()) {
859 sprintf((char *)temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE, 859 snprintf((char *)temp, sizeof(temp), "%c%c%c%c%s%c%c", IAC, SB,
860 TELQUAL_IS, name, IAC, SE); 860 TELOPT_TTYPE, TELQUAL_IS, name, IAC, SE);
861 ring_supply_data(&netoring, temp, len); 861 ring_supply_data(&netoring, temp, len);
862 printsub('>', &temp[2], len-2); 862 printsub('>', &temp[2], len-2);
863 } else { 863 } else {
864 ExitString("No room in buffer for terminal type.\n", 1); 864 ExitString("No room in buffer for terminal type.\n", 1);
865 /*NOTREACHED*/ 865 /*NOTREACHED*/
866 } 866 }
867 } 867 }
868 break; 868 break;
869 case TELOPT_TSPEED: 869 case TELOPT_TSPEED:
870 if (my_want_state_is_wont(TELOPT_TSPEED)) 870 if (my_want_state_is_wont(TELOPT_TSPEED))
871 return; 871 return;
872 if (SB_EOF()) 872 if (SB_EOF())
873 return; 873 return;
874 if (SB_GET() == TELQUAL_SEND) { 874 if (SB_GET() == TELQUAL_SEND) {
875 long osp, isp; 875 long osp, isp;
876 unsigned char temp[50]; 876 unsigned char temp[50];
877 int len; 877 int len;
878 878
879 TerminalSpeeds(&isp, &osp); 879 TerminalSpeeds(&isp, &osp);
880 880
881 sprintf((char *)temp, "%c%c%c%c%ld,%ld%c%c", IAC, SB, TELOPT_TSPEED, 881 snprintf((char *)temp, sizeof(temp), "%c%c%c%c%ld,%ld%c%c", IAC, SB,
882 TELQUAL_IS, osp, isp, IAC, SE); 882 TELOPT_TSPEED, TELQUAL_IS, osp, isp, IAC, SE);
883 len = strlen((char *)temp+4) + 4; /* temp[3] is 0 ... */ 883 len = strlen((char *)temp+4) + 4; /* temp[3] is 0 ... */
884 884
885 if (len < NETROOM()) { 885 if (len < NETROOM()) {
886 ring_supply_data(&netoring, temp, len); 886 ring_supply_data(&netoring, temp, len);
887 printsub('>', temp+2, len - 2); 887 printsub('>', temp+2, len - 2);
888 } 888 }
889/*@*/ else printf("lm_will: not enough room in buffer\n"); 889/*@*/ else printf("lm_will: not enough room in buffer\n");
890 } 890 }
891 break; 891 break;
892 case TELOPT_LFLOW: 892 case TELOPT_LFLOW:
893 if (my_want_state_is_wont(TELOPT_LFLOW)) 893 if (my_want_state_is_wont(TELOPT_LFLOW))
894 return; 894 return;
895 if (SB_EOF()) 895 if (SB_EOF())
@@ -973,28 +973,28 @@ suboption(void) @@ -973,28 +973,28 @@ suboption(void)
973 return; 973 return;
974 if (SB_GET() == TELQUAL_SEND) { 974 if (SB_GET() == TELQUAL_SEND) {
975 unsigned char temp[50], *dp; 975 unsigned char temp[50], *dp;
976 int len; 976 int len;
977 977
978 if ((dp = env_getvalue((const unsigned char *)"DISPLAY")) == NULL) { 978 if ((dp = env_getvalue((const unsigned char *)"DISPLAY")) == NULL) {
979 /* 979 /*
980 * Something happened, we no longer have a DISPLAY 980 * Something happened, we no longer have a DISPLAY
981 * variable. So, turn off the option. 981 * variable. So, turn off the option.
982 */ 982 */
983 send_wont(TELOPT_XDISPLOC, 1); 983 send_wont(TELOPT_XDISPLOC, 1);
984 break; 984 break;
985 } 985 }
986 sprintf((char *)temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_XDISPLOC, 986 snprintf((char *)temp, sizeof(temp), "%c%c%c%c%s%c%c", IAC, SB,
987 TELQUAL_IS, dp, IAC, SE); 987 TELOPT_XDISPLOC, TELQUAL_IS, dp, IAC, SE);
988 len = strlen((char *)temp+4) + 4; /* temp[3] is 0 ... */ 988 len = strlen((char *)temp+4) + 4; /* temp[3] is 0 ... */
989 989
990 if (len < NETROOM()) { 990 if (len < NETROOM()) {
991 ring_supply_data(&netoring, temp, len); 991 ring_supply_data(&netoring, temp, len);
992 printsub('>', temp+2, len - 2); 992 printsub('>', temp+2, len - 2);
993 } 993 }
994/*@*/ else printf("lm_will: not enough room in buffer\n"); 994/*@*/ else printf("lm_will: not enough room in buffer\n");
995 } 995 }
996 break; 996 break;
997 997
998#ifdef AUTHENTICATION 998#ifdef AUTHENTICATION
999 case TELOPT_AUTHENTICATION: { 999 case TELOPT_AUTHENTICATION: {
1000 if (!autologin) 1000 if (!autologin)
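Review bot: In the TELOPT_TTYPE branch `len` is still `strlen(name) + 4 + 2`, so once `snprintf` truncates into the 50-byte `temp`, `ring_supply_data(&netoring, temp, len)` and `printsub('>', &temp[2], len-2)` can read past the end of `temp` and send adjacent stack bytes to the peer, unless gettermname() (not visible here) already caps the name length. Bounding the guard as well closes that, with the existing else branch handling the oversized case: `if (len < NETROOM() && (size_t)len < sizeof(temp)) {`. In the TELOPT_XDISPLOC hunk `len` is derived from the truncated buffer, so the read stays in bounds, but a long DISPLAY value silently loses the trailing IAC SE and an unterminated suboption is sent. Checking the `snprintf` return value against `sizeof(temp)` and falling back to `send_wont(TELOPT_XDISPLOC, 1)` would avoid that. suboption() begins and ends outside these hunks.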

cvs diff -r1.23 -r1.23.20.1 src/usr.bin/telnet/utilities.c

--- src/usr.bin/telnet/utilities.c 2012/01/09 16:08:55 1.23
+++ src/usr.bin/telnet/utilities.c 2018/12/18 18:37:26 1.23.20.1
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: utilities.c,v 1.23 2012/01/09 16:08:55 christos Exp $ */ 1/* $NetBSD: utilities.c,v 1.23.20.1 2018/12/18 18:37:26 martin Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 1988, 1993 4 * Copyright (c) 1988, 1993
5 * The Regents of the University of California. All rights reserved. 5 * The Regents of the University of California. All rights reserved.
6 * 6 *
7 * Redistribution and use in source and binary forms, with or without 7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions 8 * modification, are permitted provided that the following conditions
9 * are met: 9 * are met:
10 * 1. Redistributions of source code must retain the above copyright 10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer. 11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the 13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution. 14 * documentation and/or other materials provided with the distribution.
@@ -24,27 +24,27 @@ @@ -24,27 +24,27 @@
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE. 29 * SUCH DAMAGE.
30 */ 30 */
31 31
32#include <sys/cdefs.h> 32#include <sys/cdefs.h>
33#ifndef lint 33#ifndef lint
34#if 0 34#if 0
35static char sccsid[] = "@(#)utilities.c 8.3 (Berkeley) 5/30/95"; 35static char sccsid[] = "@(#)utilities.c 8.3 (Berkeley) 5/30/95";
36#else 36#else
37__RCSID("$NetBSD: utilities.c,v 1.23 2012/01/09 16:08:55 christos Exp $"); 37__RCSID("$NetBSD: utilities.c,v 1.23.20.1 2018/12/18 18:37:26 martin Exp $");
38#endif 38#endif
39#endif /* not lint */ 39#endif /* not lint */
40 40
41#define TELOPTS 41#define TELOPTS
42#define TELCMDS 42#define TELCMDS
43#define SLC_NAMES 43#define SLC_NAMES
44#include <arpa/telnet.h> 44#include <arpa/telnet.h>
45#include <sys/types.h> 45#include <sys/types.h>
46#include <sys/time.h> 46#include <sys/time.h>
47#include <sys/socket.h> 47#include <sys/socket.h>
48#include <unistd.h> 48#include <unistd.h>
49#include <poll.h> 49#include <poll.h>
50 50
@@ -623,27 +623,27 @@ printsub( @@ -623,27 +623,27 @@ printsub(
623 } 623 }
624 for (; i < length; i++) 624 for (; i < length; i++)
625 fprintf(NetTrace, " ?%d?", pointer[i]); 625 fprintf(NetTrace, " ?%d?", pointer[i]);
626 break; 626 break;
627 627
628 case LM_MODE: 628 case LM_MODE:
629 fprintf(NetTrace, "MODE "); 629 fprintf(NetTrace, "MODE ");
630 if (length < 3) { 630 if (length < 3) {
631 fprintf(NetTrace, "(no mode??\?)"); 631 fprintf(NetTrace, "(no mode??\?)");
632 break; 632 break;
633 } 633 }
634 { 634 {
635 char tbuf[64]; 635 char tbuf[64];
636 sprintf(tbuf, "%s%s%s%s%s", 636 snprintf(tbuf, sizeof(tbuf), "%s%s%s%s%s",
637 pointer[2]&MODE_EDIT ? "|EDIT" : "", 637 pointer[2]&MODE_EDIT ? "|EDIT" : "",
638 pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "", 638 pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "",
639 pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "", 639 pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",
640 pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "", 640 pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "",
641 pointer[2]&MODE_ACK ? "|ACK" : ""); 641 pointer[2]&MODE_ACK ? "|ACK" : "");
642 fprintf(NetTrace, "%s", tbuf[1] ? &tbuf[1] : "0"); 642 fprintf(NetTrace, "%s", tbuf[1] ? &tbuf[1] : "0");
643 } 643 }
644 if (pointer[2]&~(MODE_MASK)) 644 if (pointer[2]&~(MODE_MASK))
645 fprintf(NetTrace, " (0x%x)", pointer[2]); 645 fprintf(NetTrace, " (0x%x)", pointer[2]);
646 for (i = 3; i < length; i++) 646 for (i = 3; i < length; i++)
647 fprintf(NetTrace, " ?0x%x?", pointer[i]); 647 fprintf(NetTrace, " ?0x%x?", pointer[i]);
648 break; 648 break;
649 default: 649 default: