Apple-2gs-SW
/
telnetd
mirror of https://github.com/sheumann/telnetd.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fixed the exploitable remote buffer overflow. 

Reported on:	bugtraq
Obtained from:	Heimdal, NetBSD
Reviewed by:	obrien, imp


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@79981 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
This commit is contained in:
ru 2001-07-19 17:48:57 +00:00
parent bcdf745b83
commit b3fb8c9630
6 changed files with 219 additions and 314 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
telnetd/authenc.c
View File

@ -49,8 +49,7 @@ net_write(str, len)
int len;
{
if (nfrontp + len < netobuf + BUFSIZ) {
memmove((void *)nfrontp, (void *)str, len);
nfrontp += len;
output_datalen(str, len);
return(len);
}
return(0);

3
telnetd/ext.h
View File

@ -190,6 +190,9 @@ extern void
wontoption P((int)),
writenet P((unsigned char *, int));
int output_data __P((const char *, ...)) __printflike(1, 2);
int output_datalen __P((const char *, size_t));
#ifdef ENCRYPTION
extern void (*encrypt_output) P((unsigned char *, int));
extern int (*decrypt_input) P((int));

61
telnetd/state.c
View File

@ -39,6 +39,7 @@ static const char rcsid[] =
"$FreeBSD$";
#endif /* not lint */
#include <stdarg.h>
#include "telnetd.h"
#if defined(AUTHENTICATION)
#include <libtelnet/auth.h>
@ -205,8 +206,7 @@ gotiac: switch (c) {
}
netclear(); /* clear buffer back */
*nfrontp++ = IAC;
*nfrontp++ = DM;
output_data("%c%c", IAC, DM);
neturg = nfrontp-1; /* off by one XXX */
DIAG(TD_OPTIONS,
printoption("td: send IAC", DM));
@ -459,8 +459,7 @@ send_do(option, init)
set_his_want_state_will(option);
do_dont_resp[option]++;
}
(void) sprintf(nfrontp, (char *)doopt, option);
nfrontp += sizeof (dont) - 2;
output_data((const char *)doopt, option);
DIAG(TD_OPTIONS, printoption("td: send do", option));
}
@ -679,8 +678,7 @@ send_dont(option, init)
set_his_want_state_wont(option);
do_dont_resp[option]++;
}
(void) sprintf(nfrontp, (char *)dont, option);
nfrontp += sizeof (doopt) - 2;
output_data((const char *)dont, option);
DIAG(TD_OPTIONS, printoption("td: send dont", option));
}
@ -828,8 +826,7 @@ send_will(option, init)
set_my_want_state_will(option);
will_wont_resp[option]++;
}
(void) sprintf(nfrontp, (char *)will, option);
nfrontp += sizeof (doopt) - 2;
output_data((const char *)will, option);
DIAG(TD_OPTIONS, printoption("td: send will", option));
}
@ -987,8 +984,7 @@ send_wont(option, init)
set_my_want_state_wont(option);
will_wont_resp[option]++;
}
(void) sprintf(nfrontp, (char *)wont, option);
nfrontp += sizeof (wont) - 2;
output_data((const char *)wont, option);
DIAG(TD_OPTIONS, printoption("td: send wont", option));
}
@ -1384,9 +1380,8 @@ suboption()
env_ovar_wrong:
env_ovar = OLD_ENV_VALUE;
env_ovalue = OLD_ENV_VAR;
DIAG(TD_OPTIONS, {sprintf(nfrontp,
"ENVIRON VALUE and VAR are reversed!\r\n");
nfrontp += strlen(nfrontp);});
DIAG(TD_OPTIONS,
output_data("ENVIRON VALUE and VAR are reversed!\r\n"));
}
}
@ -1617,3 +1612,43 @@ send_status()
DIAG(TD_OPTIONS,
{printsub('>', statusbuf, ncp - statusbuf); netflush();});
}
/*
* This function appends data to nfrontp and advances nfrontp.
*/
int
output_data(const char *format, ...)
{
va_list args;
size_t remaining, ret;
va_start(args, format);
remaining = BUFSIZ - (nfrontp - netobuf);
/* try a netflush() if the room is too low */
if (strlen(format) > remaining || BUFSIZ / 4 > remaining) {
netflush();
remaining = BUFSIZ - (nfrontp - netobuf);
}
ret = vsnprintf(nfrontp, remaining, format, args);
nfrontp += ret;
va_end(args);
return ret;
}
int
output_datalen(const char *buf, size_t len)
{
size_t remaining;
remaining = BUFSIZ - (nfrontp - netobuf);
if (remaining < len) {
netflush();
remaining = BUFSIZ - (nfrontp - netobuf);
}
if (remaining < len)
return -1;
memmove(nfrontp, buf, len);
nfrontp += len;
return (len);
}

49
telnetd/telnetd.c
View File

@ -683,38 +683,33 @@ getterminaltype(name)
static unsigned char sb[] =
{ IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE };
memmove(nfrontp, sb, sizeof sb);
nfrontp += sizeof sb;
output_datalen(sb, sizeof sb);
DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
}
if (his_state_is_will(TELOPT_XDISPLOC)) {
static unsigned char sb[] =
{ IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE };
memmove(nfrontp, sb, sizeof sb);
nfrontp += sizeof sb;
output_datalen(sb, sizeof sb);
DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
}
if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
static unsigned char sb[] =
{ IAC, SB, TELOPT_NEW_ENVIRON, TELQUAL_SEND, IAC, SE };
memmove(nfrontp, sb, sizeof sb);
nfrontp += sizeof sb;
output_datalen(sb, sizeof sb);
DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
}
else if (his_state_is_will(TELOPT_OLD_ENVIRON)) {
static unsigned char sb[] =
{ IAC, SB, TELOPT_OLD_ENVIRON, TELQUAL_SEND, IAC, SE };
memmove(nfrontp, sb, sizeof sb);
nfrontp += sizeof sb;
output_datalen(sb, sizeof sb);
DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
}
if (his_state_is_will(TELOPT_TTYPE)) {
memmove(nfrontp, ttytype_sbbuf, sizeof ttytype_sbbuf);
nfrontp += sizeof ttytype_sbbuf;
output_datalen(ttytype_sbbuf, sizeof ttytype_sbbuf);
DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2,
sizeof ttytype_sbbuf - 2););
}
@ -793,8 +788,7 @@ _gettermname()
if (his_state_is_wont(TELOPT_TTYPE))
return;
settimer(baseline);
memmove(nfrontp, ttytype_sbbuf, sizeof ttytype_sbbuf);
nfrontp += sizeof ttytype_sbbuf;
output_datalen(ttytype_sbbuf, sizeof ttytype_sbbuf);
DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2,
sizeof ttytype_sbbuf - 2););
while (sequenceIs(ttypesubopt, baseline))
@ -1044,9 +1038,7 @@ telnet(f, p, host)
* mode, which we do not want.
*/
if (his_want_state_is_will(TELOPT_ECHO)) {
DIAG(TD_OPTIONS,
{sprintf(nfrontp, "td: simulating recv\r\n");
nfrontp += strlen(nfrontp);});
DIAG(TD_OPTIONS, output_data("td: simulating recv\r\n"));
willoption(TELOPT_ECHO);
}
@ -1181,9 +1173,7 @@ telnet(f, p, host)
localstat();
#endif /* LINEMODE */
DIAG(TD_REPORT,
{sprintf(nfrontp, "td: Entering processing loop\r\n");
nfrontp += strlen(nfrontp);});
DIAG(TD_REPORT, output_data("td: Entering processing loop\r\n"));
/*
* Startup the login process on the slave side of the terminal
@ -1312,8 +1302,7 @@ telnet(f, p, host)
netip = netibuf;
}
DIAG((TD_REPORT | TD_NETDATA),
{sprintf(nfrontp, "td: netread %d chars\r\n", ncc);
nfrontp += strlen(nfrontp);});
output_data("td: netread %d chars\r\n", ncc));
DIAG(TD_NETDATA, printdata("nd", netip, ncc));
}
@ -1360,8 +1349,7 @@ telnet(f, p, host)
* royally if we send them urgent
* mode data.
*/
*nfrontp++ = IAC;
*nfrontp++ = DM;
output_data("%c%c", IAC, DM);
neturg = nfrontp-1; /* off by one XXX */
DIAG(TD_OPTIONS,
printoption("td: send IAC", DM));
@ -1375,13 +1363,11 @@ telnet(f, p, host)
ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0;
if (newflow != flowmode) {
flowmode = newflow;
(void) sprintf(nfrontp,
"%c%c%c%c%c%c",
output_data("%c%c%c%c%c%c",
IAC, SB, TELOPT_LFLOW,
flowmode ? LFLOW_ON
: LFLOW_OFF,
IAC, SE);
nfrontp += 6;
DIAG(TD_OPTIONS, printsub('>',
(unsigned char *)nfrontp-4,
4););
@ -1407,19 +1393,19 @@ telnet(f, p, host)
break;
c = *ptyip++ & 0377, pcc--;
if (c == IAC)
*nfrontp++ = c;
output_data("%c", c);
#if defined(CRAY2) && defined(UNICOS5)
else if (c == '\n' &&
my_state_is_wont(TELOPT_BINARY) && newmap)
*nfrontp++ = '\r';
output_data("\r");
#endif /* defined(CRAY2) && defined(UNICOS5) */
*nfrontp++ = c;
output_data("%c", c);
if ((c == '\r') && (my_state_is_wont(TELOPT_BINARY))) {
if (pcc > 0 && ((*ptyip & 0377) == '\n')) {
*nfrontp++ = *ptyip++ & 0377;
output_data("%c", *ptyip++ & 0377);
pcc--;
} else
*nfrontp++ = '\0';
output_data("%c", '\0');
}
}
#if defined(CRAY2) && defined(UNICOS5)
@ -1613,8 +1599,7 @@ recv_ayt()
return;
}
#endif
(void) strcpy(nfrontp, "\r\n[Yes]\r\n");
nfrontp += 9;
output_data("\r\n[Yes]\r\n");
}
void

18
telnetd/termstat.c
View File

@ -302,10 +302,9 @@ localstat()
# endif /* KLUDGELINEMODE */
send_do(TELOPT_LINEMODE, 1);
/* send along edit modes */
(void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB,
output_data("%c%c%c%c%c%c%c", IAC, SB,
TELOPT_LINEMODE, LM_MODE, useeditmode,
IAC, SE);
nfrontp += 7;
editmode = useeditmode;
# ifdef KLUDGELINEMODE
}
@ -331,10 +330,9 @@ localstat()
/*
* Send along appropriate edit mode mask.
*/
(void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB,
output_data("%c%c%c%c%c%c%c", IAC, SB,
TELOPT_LINEMODE, LM_MODE, useeditmode,
IAC, SE);
nfrontp += 7;
editmode = useeditmode;
}
@ -378,20 +376,18 @@ flowstat()
if (his_state_is_will(TELOPT_LFLOW)) {
if (tty_flowmode() != flowmode) {
flowmode = tty_flowmode();
(void) sprintf(nfrontp, "%c%c%c%c%c%c",
output_data("%c%c%c%c%c%c",
IAC, SB, TELOPT_LFLOW,
flowmode ? LFLOW_ON : LFLOW_OFF,
IAC, SE);
nfrontp += 6;
}
if (tty_restartany() != restartany) {
restartany = tty_restartany();
(void) sprintf(nfrontp, "%c%c%c%c%c%c",
output_data("%c%c%c%c%c%c",
IAC, SB, TELOPT_LFLOW,
restartany ? LFLOW_RESTART_ANY
: LFLOW_RESTART_XON,
IAC, SE);
nfrontp += 6;
}
}
}
@ -464,10 +460,9 @@ clientstat(code, parm1, parm2)
useeditmode |= MODE_SOFT_TAB;
if (tty_islitecho())
useeditmode |= MODE_LIT_ECHO;
(void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC,
output_data("%c%c%c%c%c%c%c", IAC,
SB, TELOPT_LINEMODE, LM_MODE,
useeditmode, IAC, SE);
nfrontp += 7;
editmode = useeditmode;
}
@ -523,11 +518,10 @@ clientstat(code, parm1, parm2)
set_termbuf();
if (!ack) {
(void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC,
output_data("%c%c%c%c%c%c%c", IAC,
SB, TELOPT_LINEMODE, LM_MODE,
useeditmode|MODE_ACK,
IAC, SE);
nfrontp += 7;
}
editmode = useeditmode;

399
telnetd/utility.c
View File

@ -71,8 +71,7 @@ ttloop()
{
void netflush();
DIAG(TD_REPORT, {sprintf(nfrontp, "td: ttloop\r\n");
nfrontp += strlen(nfrontp);});
DIAG(TD_REPORT, output_data("td: ttloop\r\n"));
if (nfrontp-nbackp) {
netflush();
}
@ -84,8 +83,7 @@ ttloop()
syslog(LOG_INFO, "ttloop: peer died: %m");
exit(1);
}
DIAG(TD_REPORT, {sprintf(nfrontp, "td: ttloop read %d chars\r\n", ncc);
nfrontp += strlen(nfrontp);});
DIAG(TD_REPORT, output_data("td: ttloop read %d chars\r\n", ncc));
netip = netibuf;
telrcv(); /* state machine */
if (ncc > 0) {
@ -128,9 +126,8 @@ ptyflush()
int n;
if ((n = pfrontp - pbackp) > 0) {
DIAG((TD_REPORT | TD_PTYDATA),
{ sprintf(nfrontp, "td: ptyflush %d chars\r\n", n);
nfrontp += strlen(nfrontp); });
DIAG(TD_REPORT | TD_PTYDATA,
output_data("td: ptyflush %d chars\r\n", n));
DIAG(TD_PTYDATA, printdata("pd", pbackp, n));
n = write(pty, pbackp, n);
}
@ -261,11 +258,9 @@ netflush()
extern int not42;
if ((n = nfrontp - nbackp) > 0) {
DIAG(TD_REPORT,
{ sprintf(nfrontp, "td: netflush %d chars\r\n", n);
n += strlen(nfrontp); /* get count first */
nfrontp += strlen(nfrontp); /* then move pointer */
});
DIAG(TD_REPORT, {
n += output_data("td: netflush %d chars\r\n", n);
});
#ifdef ENCRYPTION
if (encrypt_output) {
char *s = nclearto ? nclearto : nbackp;
@ -554,12 +549,11 @@ printoption(fmt, option)
register int option;
{
if (TELOPT_OK(option))
sprintf(nfrontp, "%s %s\r\n", fmt, TELOPT(option));
output_data("%s %s\r\n", fmt, TELOPT(option));
else if (TELCMD_OK(option))
sprintf(nfrontp, "%s %s\r\n", fmt, TELCMD(option));
output_data("%s %s\r\n", fmt, TELCMD(option));
else
sprintf(nfrontp, "%s %d\r\n", fmt, option);
nfrontp += strlen(nfrontp);
output_data("%s %d\r\n", fmt, option);
return;
}
@ -575,9 +569,8 @@ printsub(direction, pointer, length)
return;
if (direction) {
sprintf(nfrontp, "td: %s suboption ",
output_data("td: %s suboption ",
direction == '<' ? "recv" : "send");
nfrontp += strlen(nfrontp);
if (length >= 3) {
register int j;
@ -585,232 +578,192 @@ printsub(direction, pointer, length)
j = pointer[length-1];
if (i != IAC || j != SE) {
sprintf(nfrontp, "(terminated by ");
nfrontp += strlen(nfrontp);
output_data("(terminated by ");
if (TELOPT_OK(i))
sprintf(nfrontp, "%s ", TELOPT(i));
output_data("%s ", TELOPT(i));
else if (TELCMD_OK(i))
sprintf(nfrontp, "%s ", TELCMD(i));
output_data("%s ", TELCMD(i));
else
sprintf(nfrontp, "%d ", i);
nfrontp += strlen(nfrontp);
output_data("%d ", i);
if (TELOPT_OK(j))
sprintf(nfrontp, "%s", TELOPT(j));
output_data("%s", TELOPT(j));
else if (TELCMD_OK(j))
sprintf(nfrontp, "%s", TELCMD(j));
output_data("%s", TELCMD(j));
else
sprintf(nfrontp, "%d", j);
nfrontp += strlen(nfrontp);
sprintf(nfrontp, ", not IAC SE!) ");
nfrontp += strlen(nfrontp);
output_data("%d", j);
output_data(", not IAC SE!) ");
}
}
length -= 2;
}
if (length < 1) {
sprintf(nfrontp, "(Empty suboption??\?)");
nfrontp += strlen(nfrontp);
output_data("(Empty suboption??\?)");
return;
}
switch (pointer[0]) {
case TELOPT_TTYPE:
sprintf(nfrontp, "TERMINAL-TYPE ");
nfrontp += strlen(nfrontp);
output_data("TERMINAL-TYPE ");
switch (pointer[1]) {
case TELQUAL_IS:
sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2);
output_data("IS \"%.*s\"", length-2, (char *)pointer+2);
break;
case TELQUAL_SEND:
sprintf(nfrontp, "SEND");
output_data("SEND");
break;
default:
sprintf(nfrontp,
output_data(
"- unknown qualifier %d (0x%x).",
pointer[1], pointer[1]);
}
nfrontp += strlen(nfrontp);
break;
case TELOPT_TSPEED:
sprintf(nfrontp, "TERMINAL-SPEED");
nfrontp += strlen(nfrontp);
output_data("TERMINAL-SPEED");
if (length < 2) {
sprintf(nfrontp, " (empty suboption??\?)");
nfrontp += strlen(nfrontp);
output_data(" (empty suboption??\?)");
break;
}
switch (pointer[1]) {
case TELQUAL_IS:
sprintf(nfrontp, " IS %.*s", length-2, (char *)pointer+2);
nfrontp += strlen(nfrontp);
output_data(" IS %.*s", length-2, (char *)pointer+2);
break;
default:
if (pointer[1] == 1)
sprintf(nfrontp, " SEND");
output_data(" SEND");
else
sprintf(nfrontp, " %d (unknown)", pointer[1]);
nfrontp += strlen(nfrontp);
output_data(" %d (unknown)", pointer[1]);
for (i = 2; i < length; i++) {
sprintf(nfrontp, " ?%d?", pointer[i]);
nfrontp += strlen(nfrontp);
output_data(" ?%d?", pointer[i]);
}
break;
}
break;
case TELOPT_LFLOW:
sprintf(nfrontp, "TOGGLE-FLOW-CONTROL");
nfrontp += strlen(nfrontp);
output_data("TOGGLE-FLOW-CONTROL");
if (length < 2) {
sprintf(nfrontp, " (empty suboption??\?)");
nfrontp += strlen(nfrontp);
output_data(" (empty suboption??\?)");
break;
}
switch (pointer[1]) {
case LFLOW_OFF:
sprintf(nfrontp, " OFF"); break;
output_data(" OFF"); break;
case LFLOW_ON:
sprintf(nfrontp, " ON"); break;
output_data(" ON"); break;
case LFLOW_RESTART_ANY:
sprintf(nfrontp, " RESTART-ANY"); break;
output_data(" RESTART-ANY"); break;
case LFLOW_RESTART_XON:
sprintf(nfrontp, " RESTART-XON"); break;
output_data(" RESTART-XON"); break;
default:
sprintf(nfrontp, " %d (unknown)", pointer[1]);
output_data(" %d (unknown)", pointer[1]);
}
nfrontp += strlen(nfrontp);
for (i = 2; i < length; i++) {
sprintf(nfrontp, " ?%d?", pointer[i]);
nfrontp += strlen(nfrontp);
output_data(" ?%d?", pointer[i]);
}
break;
case TELOPT_NAWS:
sprintf(nfrontp, "NAWS");
nfrontp += strlen(nfrontp);
output_data("NAWS");
if (length < 2) {
sprintf(nfrontp, " (empty suboption??\?)");
nfrontp += strlen(nfrontp);
output_data(" (empty suboption??\?)");
break;
}
if (length == 2) {
sprintf(nfrontp, " ?%d?", pointer[1]);
nfrontp += strlen(nfrontp);
output_data(" ?%d?", pointer[1]);
break;
}
sprintf(nfrontp, " %d %d (%d)",
output_data(" %d %d (%d)",
pointer[1], pointer[2],
(int)((((unsigned int)pointer[1])<<8)|((unsigned int)pointer[2])));
nfrontp += strlen(nfrontp);
if (length == 4) {
sprintf(nfrontp, " ?%d?", pointer[3]);
nfrontp += strlen(nfrontp);
output_data(" ?%d?", pointer[3]);
break;
}
sprintf(nfrontp, " %d %d (%d)",
output_data(" %d %d (%d)",
pointer[3], pointer[4],
(int)((((unsigned int)pointer[3])<<8)|((unsigned int)pointer[4])));
nfrontp += strlen(nfrontp);
for (i = 5; i < length; i++) {
sprintf(nfrontp, " ?%d?", pointer[i]);
nfrontp += strlen(nfrontp);
output_data(" ?%d?", pointer[i]);
}
break;
case TELOPT_LINEMODE:
sprintf(nfrontp, "LINEMODE ");
nfrontp += strlen(nfrontp);
output_data("LINEMODE ");
if (length < 2) {
sprintf(nfrontp, " (empty suboption??\?)");
nfrontp += strlen(nfrontp);
output_data(" (empty suboption??\?)");
break;
}
switch (pointer[1]) {
case WILL:
sprintf(nfrontp, "WILL ");
output_data("WILL ");
goto common;
case WONT:
sprintf(nfrontp, "WONT ");
output_data("WONT ");
goto common;
case DO:
sprintf(nfrontp, "DO ");
output_data("DO ");
goto common;
case DONT:
sprintf(nfrontp, "DONT ");
output_data("DONT ");
common:
nfrontp += strlen(nfrontp);
if (length < 3) {
sprintf(nfrontp, "(no option??\?)");
nfrontp += strlen(nfrontp);
output_data("(no option??\?)");
break;
}
switch (pointer[2]) {
case LM_FORWARDMASK:
sprintf(nfrontp, "Forward Mask");
nfrontp += strlen(nfrontp);
output_data("Forward Mask");
for (i = 3; i < length; i++) {
sprintf(nfrontp, " %x", pointer[i]);
nfrontp += strlen(nfrontp);
output_data(" %x", pointer[i]);
}
break;
default:
sprintf(nfrontp, "%d (unknown)", pointer[2]);
nfrontp += strlen(nfrontp);
output_data("%d (unknown)", pointer[2]);
for (i = 3; i < length; i++) {
sprintf(nfrontp, " %d", pointer[i]);
nfrontp += strlen(nfrontp);
output_data(" %d", pointer[i]);
}
break;
}
break;
case LM_SLC:
sprintf(nfrontp, "SLC");
nfrontp += strlen(nfrontp);
output_data("SLC");
for (i = 2; i < length - 2; i += 3) {
if (SLC_NAME_OK(pointer[i+SLC_FUNC]))
sprintf(nfrontp, " %s", SLC_NAME(pointer[i+SLC_FUNC]));
output_data(" %s", SLC_NAME(pointer[i+SLC_FUNC]));
else
sprintf(nfrontp, " %d", pointer[i+SLC_FUNC]);
nfrontp += strlen(nfrontp);
output_data(" %d", pointer[i+SLC_FUNC]);
switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) {
case SLC_NOSUPPORT:
sprintf(nfrontp, " NOSUPPORT"); break;
output_data(" NOSUPPORT"); break;
case SLC_CANTCHANGE:
sprintf(nfrontp, " CANTCHANGE"); break;
output_data(" CANTCHANGE"); break;
case SLC_VARIABLE:
sprintf(nfrontp, " VARIABLE"); break;
output_data(" VARIABLE"); break;
case SLC_DEFAULT:
sprintf(nfrontp, " DEFAULT"); break;
output_data(" DEFAULT"); break;
}
nfrontp += strlen(nfrontp);
sprintf(nfrontp, "%s%s%s",
output_data("%s%s%s",
pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "",
pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "",
pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : "");
nfrontp += strlen(nfrontp);
if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN|
SLC_FLUSHOUT| SLC_LEVELBITS)) {
sprintf(nfrontp, "(0x%x)", pointer[i+SLC_FLAGS]);
nfrontp += strlen(nfrontp);
output_data("(0x%x)", pointer[i+SLC_FLAGS]);
}
sprintf(nfrontp, " %d;", pointer[i+SLC_VALUE]);
nfrontp += strlen(nfrontp);
output_data(" %d;", pointer[i+SLC_VALUE]);
if ((pointer[i+SLC_VALUE] == IAC) &&
(pointer[i+SLC_VALUE+1] == IAC))
i++;
}
for (; i < length; i++) {
sprintf(nfrontp, " ?%d?", pointer[i]);
nfrontp += strlen(nfrontp);
output_data(" ?%d?", pointer[i]);
}
break;
case LM_MODE:
sprintf(nfrontp, "MODE ");
nfrontp += strlen(nfrontp);
output_data("MODE ");
if (length < 3) {
sprintf(nfrontp, "(no mode??\?)");
nfrontp += strlen(nfrontp);
output_data("(no mode??\?)");
break;
}
{
@ -821,24 +774,19 @@ printsub(direction, pointer, length)
pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",
pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "",
pointer[2]&MODE_ACK ? "|ACK" : "");
sprintf(nfrontp, "%s", tbuf[1] ? &tbuf[1] : "0");
nfrontp += strlen(nfrontp);
output_data("%s", tbuf[1] ? &tbuf[1] : "0");
}
if (pointer[2]&~(MODE_EDIT|MODE_TRAPSIG|MODE_ACK)) {
sprintf(nfrontp, " (0x%x)", pointer[2]);
nfrontp += strlen(nfrontp);
output_data(" (0x%x)", pointer[2]);
}
for (i = 3; i < length; i++) {
sprintf(nfrontp, " ?0x%x?", pointer[i]);
nfrontp += strlen(nfrontp);
output_data(" ?0x%x?", pointer[i]);
}
break;
default:
sprintf(nfrontp, "%d (unknown)", pointer[1]);
nfrontp += strlen(nfrontp);
output_data("%d (unknown)", pointer[1]);
for (i = 2; i < length; i++) {
sprintf(nfrontp, " %d", pointer[i]);
nfrontp += strlen(nfrontp);
output_data(" %d", pointer[i]);
}
}
break;
@ -847,24 +795,20 @@ printsub(direction, pointer, length)
register char *cp;
register int j, k;
sprintf(nfrontp, "STATUS");
nfrontp += strlen(nfrontp);
output_data("STATUS");
switch (pointer[1]) {
default:
if (pointer[1] == TELQUAL_SEND)
sprintf(nfrontp, " SEND");
output_data(" SEND");
else
sprintf(nfrontp, " %d (unknown)", pointer[1]);
nfrontp += strlen(nfrontp);
output_data(" %d (unknown)", pointer[1]);
for (i = 2; i < length; i++) {
sprintf(nfrontp, " ?%d?", pointer[i]);
nfrontp += strlen(nfrontp);
output_data(" ?%d?", pointer[i]);
}
break;
case TELQUAL_IS:
sprintf(nfrontp, " IS\r\n");
nfrontp += strlen(nfrontp);
output_data(" IS\r\n");
for (i = 2; i < length; i++) {
switch(pointer[i]) {
@ -875,18 +819,15 @@ printsub(direction, pointer, length)
common2:
i++;
if (TELOPT_OK(pointer[i]))
sprintf(nfrontp, " %s %s", cp, TELOPT(pointer[i]));
output_data(" %s %s", cp, TELOPT(pointer[i]));
else
sprintf(nfrontp, " %s %d", cp, pointer[i]);
nfrontp += strlen(nfrontp);
output_data(" %s %d", cp, pointer[i]);
sprintf(nfrontp, "\r\n");
nfrontp += strlen(nfrontp);
output_data("\r\n");
break;
case SB:
sprintf(nfrontp, " SB ");
nfrontp += strlen(nfrontp);
output_data(" SB ");
i++;
j = k = i;
while (j < length) {
@ -902,20 +843,17 @@ printsub(direction, pointer, length)
}
printsub(0, &pointer[i], k - i);
if (i < length) {
sprintf(nfrontp, " SE");
nfrontp += strlen(nfrontp);
output_data(" SE");
i = j;
} else
i = j - 1;
sprintf(nfrontp, "\r\n");
nfrontp += strlen(nfrontp);
output_data("\r\n");
break;
default:
sprintf(nfrontp, " %d", pointer[i]);
nfrontp += strlen(nfrontp);
output_data(" %d", pointer[i]);
break;
}
}
@ -925,86 +863,77 @@ printsub(direction, pointer, length)
}
case TELOPT_XDISPLOC:
sprintf(nfrontp, "X-DISPLAY-LOCATION ");
nfrontp += strlen(nfrontp);
output_data("X-DISPLAY-LOCATION ");
switch (pointer[1]) {
case TELQUAL_IS:
sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2);
output_data("IS \"%.*s\"", length-2, (char *)pointer+2);
break;
case TELQUAL_SEND:
sprintf(nfrontp, "SEND");
output_data("SEND");
break;
default:
sprintf(nfrontp, "- unknown qualifier %d (0x%x).",
output_data("- unknown qualifier %d (0x%x).",
pointer[1], pointer[1]);
}
nfrontp += strlen(nfrontp);
break;
case TELOPT_NEW_ENVIRON:
sprintf(nfrontp, "NEW-ENVIRON ");
output_data("NEW-ENVIRON ");
goto env_common1;
case TELOPT_OLD_ENVIRON:
sprintf(nfrontp, "OLD-ENVIRON");
output_data("OLD-ENVIRON");
env_common1:
nfrontp += strlen(nfrontp);
switch (pointer[1]) {
case TELQUAL_IS:
sprintf(nfrontp, "IS ");
output_data("IS ");
goto env_common;
case TELQUAL_SEND:
sprintf(nfrontp, "SEND ");
output_data("SEND ");
goto env_common;
case TELQUAL_INFO:
sprintf(nfrontp, "INFO ");
output_data("INFO ");
env_common:
nfrontp += strlen(nfrontp);
{
register int noquote = 2;
for (i = 2; i < length; i++ ) {
switch (pointer[i]) {
case NEW_ENV_VAR:
sprintf(nfrontp, "\" VAR " + noquote);
nfrontp += strlen(nfrontp);
output_data("\" VAR " + noquote);
noquote = 2;
break;
case NEW_ENV_VALUE:
sprintf(nfrontp, "\" VALUE " + noquote);
nfrontp += strlen(nfrontp);
output_data("\" VALUE " + noquote);
noquote = 2;
break;
case ENV_ESC:
sprintf(nfrontp, "\" ESC " + noquote);
nfrontp += strlen(nfrontp);
output_data("\" ESC " + noquote);
noquote = 2;
break;
case ENV_USERVAR:
sprintf(nfrontp, "\" USERVAR " + noquote);
nfrontp += strlen(nfrontp);
output_data("\" USERVAR " + noquote);
noquote = 2;
break;
default:
if (isprint(pointer[i]) && pointer[i] != '"') {
if (noquote) {
*nfrontp++ = '"';
output_data("\"");
noquote = 0;
}
*nfrontp++ = pointer[i];
output_data("%c", pointer[i]);
} else {
sprintf(nfrontp, "\" %03o " + noquote,
output_data("\" %03o " + noquote,
pointer[i]);
nfrontp += strlen(nfrontp);
noquote = 2;
}
break;
}
}
if (!noquote)
*nfrontp++ = '"';
output_data("\"");
break;
}
}
@ -1012,83 +941,66 @@ printsub(direction, pointer, length)
#if defined(AUTHENTICATION)
case TELOPT_AUTHENTICATION:
sprintf(nfrontp, "AUTHENTICATION");
nfrontp += strlen(nfrontp);
output_data("AUTHENTICATION");
if (length < 2) {
sprintf(nfrontp, " (empty suboption??\?)");
nfrontp += strlen(nfrontp);
output_data(" (empty suboption??\?)");
break;
}
switch (pointer[1]) {
case TELQUAL_REPLY:
case TELQUAL_IS:
sprintf(nfrontp, " %s ", (pointer[1] == TELQUAL_IS) ?
output_data(" %s ", (pointer[1] == TELQUAL_IS) ?
"IS" : "REPLY");
nfrontp += strlen(nfrontp);
if (AUTHTYPE_NAME_OK(pointer[2]))
sprintf(nfrontp, "%s ", AUTHTYPE_NAME(pointer[2]));
output_data("%s ", AUTHTYPE_NAME(pointer[2]));
else
sprintf(nfrontp, "%d ", pointer[2]);
nfrontp += strlen(nfrontp);
output_data("%d ", pointer[2]);
if (length < 3) {
sprintf(nfrontp, "(partial suboption??\?)");
nfrontp += strlen(nfrontp);
output_data("(partial suboption??\?)");
break;
}
sprintf(nfrontp, "%s|%s",
output_data("%s|%s",
((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
"CLIENT" : "SERVER",
((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
"MUTUAL" : "ONE-WAY");
nfrontp += strlen(nfrontp);
{
char buf[512];
auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
sprintf(nfrontp, "%s", buf);
output_data("%s", buf);
}
nfrontp += strlen(nfrontp);
break;
case TELQUAL_SEND:
i = 2;
sprintf(nfrontp, " SEND ");
nfrontp += strlen(nfrontp);
output_data(" SEND ");
while (i < length) {
if (AUTHTYPE_NAME_OK(pointer[i]))
sprintf(nfrontp, "%s ", AUTHTYPE_NAME(pointer[i]));
output_data("%s ", AUTHTYPE_NAME(pointer[i]));
else
sprintf(nfrontp, "%d ", pointer[i]);
nfrontp += strlen(nfrontp);
output_data("%d ", pointer[i]);
if (++i >= length) {
sprintf(nfrontp, "(partial suboption??\?)");
nfrontp += strlen(nfrontp);
output_data("(partial suboption??\?)");
break;
}
sprintf(nfrontp, "%s|%s ",
output_data("%s|%s ",
((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
"CLIENT" : "SERVER",
((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
"MUTUAL" : "ONE-WAY");
nfrontp += strlen(nfrontp);
++i;
}
break;
case TELQUAL_NAME:
i = 2;
sprintf(nfrontp, " NAME \"");
nfrontp += strlen(nfrontp);
while (i < length)
*nfrontp += pointer[i++];
*nfrontp += '"';
output_data(" NAME \"%.*s\"", length - 2, pointer + 2);
break;
default:
for (i = 2; i < length; i++) {
sprintf(nfrontp, " ?%d?", pointer[i]);
nfrontp += strlen(nfrontp);
output_data(" ?%d?", pointer[i]);
}
break;
}
@ -1097,89 +1009,73 @@ printsub(direction, pointer, length)
#ifdef ENCRYPTION
case TELOPT_ENCRYPT:
sprintf(nfrontp, "ENCRYPT");
nfrontp += strlen(nfrontp);
output_data("ENCRYPT");
if (length < 2) {
sprintf(nfrontp, " (empty suboption??\?)");
nfrontp += strlen(nfrontp);
output_data(" (empty suboption??\?)");
break;
}
switch (pointer[1]) {
case ENCRYPT_START:
sprintf(nfrontp, " START");
nfrontp += strlen(nfrontp);
output_data(" START");
break;
case ENCRYPT_END:
sprintf(nfrontp, " END");
nfrontp += strlen(nfrontp);
output_data(" END");
break;
case ENCRYPT_REQSTART:
sprintf(nfrontp, " REQUEST-START");
nfrontp += strlen(nfrontp);
output_data(" REQUEST-START");
break;
case ENCRYPT_REQEND:
sprintf(nfrontp, " REQUEST-END");
nfrontp += strlen(nfrontp);
output_data(" REQUEST-END");
break;
case ENCRYPT_IS:
case ENCRYPT_REPLY:
sprintf(nfrontp, " %s ", (pointer[1] == ENCRYPT_IS) ?
output_data(" %s ", (pointer[1] == ENCRYPT_IS) ?
"IS" : "REPLY");
nfrontp += strlen(nfrontp);
if (length < 3) {
sprintf(nfrontp, " (partial suboption??\?)");
nfrontp += strlen(nfrontp);
output_data(" (partial suboption??\?)");
break;
}
if (ENCTYPE_NAME_OK(pointer[2]))
sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[2]));
output_data("%s ", ENCTYPE_NAME(pointer[2]));
else
sprintf(nfrontp, " %d (unknown)", pointer[2]);
nfrontp += strlen(nfrontp);
output_data(" %d (unknown)", pointer[2]);
{
char buf[512];
encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf));
sprintf(nfrontp, "%s", buf);
output_data("%s", buf);
}
nfrontp += strlen(nfrontp);
break;
case ENCRYPT_SUPPORT:
i = 2;
sprintf(nfrontp, " SUPPORT ");
nfrontp += strlen(nfrontp);
output_data(" SUPPORT ");
while (i < length) {
if (ENCTYPE_NAME_OK(pointer[i]))
sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[i]));
output_data("%s ", ENCTYPE_NAME(pointer[i]));
else
sprintf(nfrontp, "%d ", pointer[i]);
nfrontp += strlen(nfrontp);
output_data("%d ", pointer[i]);
i++;
}
break;
case ENCRYPT_ENC_KEYID:
sprintf(nfrontp, " ENC_KEYID");
nfrontp += strlen(nfrontp);
output_data(" ENC_KEYID");
goto encommon;
case ENCRYPT_DEC_KEYID:
sprintf(nfrontp, " DEC_KEYID");
nfrontp += strlen(nfrontp);
output_data(" DEC_KEYID");
goto encommon;
default:
sprintf(nfrontp, " %d (unknown)", pointer[1]);
nfrontp += strlen(nfrontp);
output_data(" %d (unknown)", pointer[1]);
encommon:
for (i = 2; i < length; i++) {
sprintf(nfrontp, " %d", pointer[i]);
nfrontp += strlen(nfrontp);
output_data(" %d", pointer[i]);
}
break;
}
@ -1188,18 +1084,15 @@ printsub(direction, pointer, length)
default:
if (TELOPT_OK(pointer[0]))
sprintf(nfrontp, "%s (unknown)", TELOPT(pointer[0]));
output_data("%s (unknown)", TELOPT(pointer[0]));
else
sprintf(nfrontp, "%d (unknown)", pointer[i]);
nfrontp += strlen(nfrontp);
output_data("%d (unknown)", pointer[i]);
for (i = 1; i < length; i++) {
sprintf(nfrontp, " %d", pointer[i]);
nfrontp += strlen(nfrontp);
output_data(" %d", pointer[i]);
}
break;
}
sprintf(nfrontp, "\r\n");
nfrontp += strlen(nfrontp);
output_data("\r\n");
}
/*
@ -1221,26 +1114,22 @@ printdata(tag, ptr, cnt)
}
/* add a line of output */
sprintf(nfrontp, "%s: ", tag);
nfrontp += strlen(nfrontp);
output_data("%s: ", tag);
for (i = 0; i < 20 && cnt; i++) {
sprintf(nfrontp, "%02x", *ptr);
nfrontp += strlen(nfrontp);
output_data("%02x", *ptr);
if (isprint(*ptr)) {
xbuf[i] = *ptr;
} else {
xbuf[i] = '.';
}
if (i % 2) {
*nfrontp = ' ';
nfrontp++;
output_data(" ");
}
cnt--;
ptr++;
}
xbuf[i] = '\0';
sprintf(nfrontp, " %s\r\n", xbuf );
nfrontp += strlen(nfrontp);
output_data(" %s\r\n", xbuf );
}
}
#endif /* DIAGNOSTICS */