summaryrefslogtreecommitdiffstats
path: root/contrib/telnet
diff options
context:
space:
mode:
authorru <ru@FreeBSD.org>2001-07-19 17:48:57 +0000
committerru <ru@FreeBSD.org>2001-07-19 17:48:57 +0000
commit9cac33d71fc5f6846362da63a753c08e90efa427 (patch)
treebe1f96775e90a28babf09a5748699e16c80568d6 /contrib/telnet
parent32934481938551563374cb61f766b1f332377ee6 (diff)
downloadFreeBSD-src-9cac33d71fc5f6846362da63a753c08e90efa427.zip
FreeBSD-src-9cac33d71fc5f6846362da63a753c08e90efa427.tar.gz
Fixed the exploitable remote buffer overflow.
Reported on: bugtraq Obtained from: Heimdal, NetBSD Reviewed by: obrien, imp
Diffstat (limited to 'contrib/telnet')
-rw-r--r--contrib/telnet/telnetd/authenc.c3
-rw-r--r--contrib/telnet/telnetd/ext.h3
-rw-r--r--contrib/telnet/telnetd/state.c61
-rw-r--r--contrib/telnet/telnetd/telnetd.c49
-rw-r--r--contrib/telnet/telnetd/termstat.c18
-rw-r--r--contrib/telnet/telnetd/utility.c399
6 files changed, 219 insertions, 314 deletions
diff --git a/contrib/telnet/telnetd/authenc.c b/contrib/telnet/telnetd/authenc.c
index 39a38d4..26a85d2 100644
--- a/contrib/telnet/telnetd/authenc.c
+++ b/contrib/telnet/telnetd/authenc.c
@@ -49,8 +49,7 @@ net_write(str, len)
int len;
{
if (nfrontp + len < netobuf + BUFSIZ) {
- memmove((void *)nfrontp, (void *)str, len);
- nfrontp += len;
+ output_datalen(str, len);
return(len);
}
return(0);
diff --git a/contrib/telnet/telnetd/ext.h b/contrib/telnet/telnetd/ext.h
index b84cee4..f1bb02a 100644
--- a/contrib/telnet/telnetd/ext.h
+++ b/contrib/telnet/telnetd/ext.h
@@ -190,6 +190,9 @@ extern void
wontoption P((int)),
writenet P((unsigned char *, int));
+int output_data __P((const char *, ...)) __printflike(1, 2);
+int output_datalen __P((const char *, size_t));
+
#ifdef ENCRYPTION
extern void (*encrypt_output) P((unsigned char *, int));
extern int (*decrypt_input) P((int));
diff --git a/contrib/telnet/telnetd/state.c b/contrib/telnet/telnetd/state.c
index 4a066b7..ec012cf 100644
--- a/contrib/telnet/telnetd/state.c
+++ b/contrib/telnet/telnetd/state.c
@@ -39,6 +39,7 @@ static const char rcsid[] =
"$FreeBSD$";
#endif /* not lint */
+#include <stdarg.h>
#include "telnetd.h"
#if defined(AUTHENTICATION)
#include <libtelnet/auth.h>
@@ -205,8 +206,7 @@ gotiac: switch (c) {
}
netclear(); /* clear buffer back */
- *nfrontp++ = IAC;
- *nfrontp++ = DM;
+ output_data("%c%c", IAC, DM);
neturg = nfrontp-1; /* off by one XXX */
DIAG(TD_OPTIONS,
printoption("td: send IAC", DM));
@@ -459,8 +459,7 @@ send_do(option, init)
set_his_want_state_will(option);
do_dont_resp[option]++;
}
- (void) sprintf(nfrontp, (char *)doopt, option);
- nfrontp += sizeof (dont) - 2;
+ output_data((const char *)doopt, option);
DIAG(TD_OPTIONS, printoption("td: send do", option));
}
@@ -679,8 +678,7 @@ send_dont(option, init)
set_his_want_state_wont(option);
do_dont_resp[option]++;
}
- (void) sprintf(nfrontp, (char *)dont, option);
- nfrontp += sizeof (doopt) - 2;
+ output_data((const char *)dont, option);
DIAG(TD_OPTIONS, printoption("td: send dont", option));
}
@@ -828,8 +826,7 @@ send_will(option, init)
set_my_want_state_will(option);
will_wont_resp[option]++;
}
- (void) sprintf(nfrontp, (char *)will, option);
- nfrontp += sizeof (doopt) - 2;
+ output_data((const char *)will, option);
DIAG(TD_OPTIONS, printoption("td: send will", option));
}
@@ -987,8 +984,7 @@ send_wont(option, init)
set_my_want_state_wont(option);
will_wont_resp[option]++;
}
- (void) sprintf(nfrontp, (char *)wont, option);
- nfrontp += sizeof (wont) - 2;
+ output_data((const char *)wont, option);
DIAG(TD_OPTIONS, printoption("td: send wont", option));
}
@@ -1384,9 +1380,8 @@ suboption()
env_ovar_wrong:
env_ovar = OLD_ENV_VALUE;
env_ovalue = OLD_ENV_VAR;
- DIAG(TD_OPTIONS, {sprintf(nfrontp,
- "ENVIRON VALUE and VAR are reversed!\r\n");
- nfrontp += strlen(nfrontp);});
+ DIAG(TD_OPTIONS,
+ output_data("ENVIRON VALUE and VAR are reversed!\r\n"));
}
}
@@ -1617,3 +1612,43 @@ send_status()
DIAG(TD_OPTIONS,
{printsub('>', statusbuf, ncp - statusbuf); netflush();});
}
+
+/*
+ * This function appends data to nfrontp and advances nfrontp.
+ */
+
+int
+output_data(const char *format, ...)
+{
+ va_list args;
+ size_t remaining, ret;
+
+ va_start(args, format);
+ remaining = BUFSIZ - (nfrontp - netobuf);
+ /* try a netflush() if the room is too low */
+ if (strlen(format) > remaining || BUFSIZ / 4 > remaining) {
+ netflush();
+ remaining = BUFSIZ - (nfrontp - netobuf);
+ }
+ ret = vsnprintf(nfrontp, remaining, format, args);
+ nfrontp += ret;
+ va_end(args);
+ return ret;
+}
+
+int
+output_datalen(const char *buf, size_t len)
+{
+ size_t remaining;
+
+ remaining = BUFSIZ - (nfrontp - netobuf);
+ if (remaining < len) {
+ netflush();
+ remaining = BUFSIZ - (nfrontp - netobuf);
+ }
+ if (remaining < len)
+ return -1;
+ memmove(nfrontp, buf, len);
+ nfrontp += len;
+ return (len);
+}
diff --git a/contrib/telnet/telnetd/telnetd.c b/contrib/telnet/telnetd/telnetd.c
index 96267b4..60353d6 100644
--- a/contrib/telnet/telnetd/telnetd.c
+++ b/contrib/telnet/telnetd/telnetd.c
@@ -683,38 +683,33 @@ getterminaltype(name)
static unsigned char sb[] =
{ IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE };
- memmove(nfrontp, sb, sizeof sb);
- nfrontp += sizeof sb;
+ output_datalen(sb, sizeof sb);
DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
}
if (his_state_is_will(TELOPT_XDISPLOC)) {
static unsigned char sb[] =
{ IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE };
- memmove(nfrontp, sb, sizeof sb);
- nfrontp += sizeof sb;
+ output_datalen(sb, sizeof sb);
DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
}
if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
static unsigned char sb[] =
{ IAC, SB, TELOPT_NEW_ENVIRON, TELQUAL_SEND, IAC, SE };
- memmove(nfrontp, sb, sizeof sb);
- nfrontp += sizeof sb;
+ output_datalen(sb, sizeof sb);
DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
}
else if (his_state_is_will(TELOPT_OLD_ENVIRON)) {
static unsigned char sb[] =
{ IAC, SB, TELOPT_OLD_ENVIRON, TELQUAL_SEND, IAC, SE };
- memmove(nfrontp, sb, sizeof sb);
- nfrontp += sizeof sb;
+ output_datalen(sb, sizeof sb);
DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
}
if (his_state_is_will(TELOPT_TTYPE)) {
- memmove(nfrontp, ttytype_sbbuf, sizeof ttytype_sbbuf);
- nfrontp += sizeof ttytype_sbbuf;
+ output_datalen(ttytype_sbbuf, sizeof ttytype_sbbuf);
DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2,
sizeof ttytype_sbbuf - 2););
}
@@ -793,8 +788,7 @@ _gettermname()
if (his_state_is_wont(TELOPT_TTYPE))
return;
settimer(baseline);
- memmove(nfrontp, ttytype_sbbuf, sizeof ttytype_sbbuf);
- nfrontp += sizeof ttytype_sbbuf;
+ output_datalen(ttytype_sbbuf, sizeof ttytype_sbbuf);
DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2,
sizeof ttytype_sbbuf - 2););
while (sequenceIs(ttypesubopt, baseline))
@@ -1044,9 +1038,7 @@ telnet(f, p, host)
* mode, which we do not want.
*/
if (his_want_state_is_will(TELOPT_ECHO)) {
- DIAG(TD_OPTIONS,
- {sprintf(nfrontp, "td: simulating recv\r\n");
- nfrontp += strlen(nfrontp);});
+ DIAG(TD_OPTIONS, output_data("td: simulating recv\r\n"));
willoption(TELOPT_ECHO);
}
@@ -1181,9 +1173,7 @@ telnet(f, p, host)
localstat();
#endif /* LINEMODE */
- DIAG(TD_REPORT,
- {sprintf(nfrontp, "td: Entering processing loop\r\n");
- nfrontp += strlen(nfrontp);});
+ DIAG(TD_REPORT, output_data("td: Entering processing loop\r\n"));
/*
* Startup the login process on the slave side of the terminal
@@ -1312,8 +1302,7 @@ telnet(f, p, host)
netip = netibuf;
}
DIAG((TD_REPORT | TD_NETDATA),
- {sprintf(nfrontp, "td: netread %d chars\r\n", ncc);
- nfrontp += strlen(nfrontp);});
+ output_data("td: netread %d chars\r\n", ncc));
DIAG(TD_NETDATA, printdata("nd", netip, ncc));
}
@@ -1360,8 +1349,7 @@ telnet(f, p, host)
* royally if we send them urgent
* mode data.
*/
- *nfrontp++ = IAC;
- *nfrontp++ = DM;
+ output_data("%c%c", IAC, DM);
neturg = nfrontp-1; /* off by one XXX */
DIAG(TD_OPTIONS,
printoption("td: send IAC", DM));
@@ -1375,13 +1363,11 @@ telnet(f, p, host)
ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0;
if (newflow != flowmode) {
flowmode = newflow;
- (void) sprintf(nfrontp,
- "%c%c%c%c%c%c",
+ output_data("%c%c%c%c%c%c",
IAC, SB, TELOPT_LFLOW,
flowmode ? LFLOW_ON
: LFLOW_OFF,
IAC, SE);
- nfrontp += 6;
DIAG(TD_OPTIONS, printsub('>',
(unsigned char *)nfrontp-4,
4););
@@ -1407,19 +1393,19 @@ telnet(f, p, host)
break;
c = *ptyip++ & 0377, pcc--;
if (c == IAC)
- *nfrontp++ = c;
+ output_data("%c", c);
#if defined(CRAY2) && defined(UNICOS5)
else if (c == '\n' &&
my_state_is_wont(TELOPT_BINARY) && newmap)
- *nfrontp++ = '\r';
+ output_data("\r");
#endif /* defined(CRAY2) && defined(UNICOS5) */
- *nfrontp++ = c;
+ output_data("%c", c);
if ((c == '\r') && (my_state_is_wont(TELOPT_BINARY))) {
if (pcc > 0 && ((*ptyip & 0377) == '\n')) {
- *nfrontp++ = *ptyip++ & 0377;
+ output_data("%c", *ptyip++ & 0377);
pcc--;
} else
- *nfrontp++ = '\0';
+ output_data("%c", '\0');
}
}
#if defined(CRAY2) && defined(UNICOS5)
@@ -1613,8 +1599,7 @@ recv_ayt()
return;
}
#endif
- (void) strcpy(nfrontp, "\r\n[Yes]\r\n");
- nfrontp += 9;
+ output_data("\r\n[Yes]\r\n");
}
void
diff --git a/contrib/telnet/telnetd/termstat.c b/contrib/telnet/telnetd/termstat.c
index e94720c..30230d4 100644
--- a/contrib/telnet/telnetd/termstat.c
+++ b/contrib/telnet/telnetd/termstat.c
@@ -302,10 +302,9 @@ localstat()
# endif /* KLUDGELINEMODE */
send_do(TELOPT_LINEMODE, 1);
/* send along edit modes */
- (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB,
+ output_data("%c%c%c%c%c%c%c", IAC, SB,
TELOPT_LINEMODE, LM_MODE, useeditmode,
IAC, SE);
- nfrontp += 7;
editmode = useeditmode;
# ifdef KLUDGELINEMODE
}
@@ -331,10 +330,9 @@ localstat()
/*
* Send along appropriate edit mode mask.
*/
- (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB,
+ output_data("%c%c%c%c%c%c%c", IAC, SB,
TELOPT_LINEMODE, LM_MODE, useeditmode,
IAC, SE);
- nfrontp += 7;
editmode = useeditmode;
}
@@ -378,20 +376,18 @@ flowstat()
if (his_state_is_will(TELOPT_LFLOW)) {
if (tty_flowmode() != flowmode) {
flowmode = tty_flowmode();
- (void) sprintf(nfrontp, "%c%c%c%c%c%c",
+ output_data("%c%c%c%c%c%c",
IAC, SB, TELOPT_LFLOW,
flowmode ? LFLOW_ON : LFLOW_OFF,
IAC, SE);
- nfrontp += 6;
}
if (tty_restartany() != restartany) {
restartany = tty_restartany();
- (void) sprintf(nfrontp, "%c%c%c%c%c%c",
+ output_data("%c%c%c%c%c%c",
IAC, SB, TELOPT_LFLOW,
restartany ? LFLOW_RESTART_ANY
: LFLOW_RESTART_XON,
IAC, SE);
- nfrontp += 6;
}
}
}
@@ -464,10 +460,9 @@ clientstat(code, parm1, parm2)
useeditmode |= MODE_SOFT_TAB;
if (tty_islitecho())
useeditmode |= MODE_LIT_ECHO;
- (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC,
+ output_data("%c%c%c%c%c%c%c", IAC,
SB, TELOPT_LINEMODE, LM_MODE,
useeditmode, IAC, SE);
- nfrontp += 7;
editmode = useeditmode;
}
@@ -523,11 +518,10 @@ clientstat(code, parm1, parm2)
set_termbuf();
if (!ack) {
- (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC,
+ output_data("%c%c%c%c%c%c%c", IAC,
SB, TELOPT_LINEMODE, LM_MODE,
useeditmode|MODE_ACK,
IAC, SE);
- nfrontp += 7;
}
editmode = useeditmode;
diff --git a/contrib/telnet/telnetd/utility.c b/contrib/telnet/telnetd/utility.c
index da01828..aa85d7a 100644
--- a/contrib/telnet/telnetd/utility.c
+++ b/contrib/telnet/telnetd/utility.c
@@ -71,8 +71,7 @@ ttloop()
{
void netflush();
- DIAG(TD_REPORT, {sprintf(nfrontp, "td: ttloop\r\n");
- nfrontp += strlen(nfrontp);});
+ DIAG(TD_REPORT, output_data("td: ttloop\r\n"));
if (nfrontp-nbackp) {
netflush();
}
@@ -84,8 +83,7 @@ ttloop()
syslog(LOG_INFO, "ttloop: peer died: %m");
exit(1);
}
- DIAG(TD_REPORT, {sprintf(nfrontp, "td: ttloop read %d chars\r\n", ncc);
- nfrontp += strlen(nfrontp);});
+ DIAG(TD_REPORT, output_data("td: ttloop read %d chars\r\n", ncc));
netip = netibuf;
telrcv(); /* state machine */
if (ncc > 0) {
@@ -128,9 +126,8 @@ ptyflush()
int n;
if ((n = pfrontp - pbackp) > 0) {
- DIAG((TD_REPORT | TD_PTYDATA),
- { sprintf(nfrontp, "td: ptyflush %d chars\r\n", n);
- nfrontp += strlen(nfrontp); });
+ DIAG(TD_REPORT | TD_PTYDATA,
+ output_data("td: ptyflush %d chars\r\n", n));
DIAG(TD_PTYDATA, printdata("pd", pbackp, n));
n = write(pty, pbackp, n);
}
@@ -261,11 +258,9 @@ netflush()
extern int not42;
if ((n = nfrontp - nbackp) > 0) {
- DIAG(TD_REPORT,
- { sprintf(nfrontp, "td: netflush %d chars\r\n", n);
- n += strlen(nfrontp); /* get count first */
- nfrontp += strlen(nfrontp); /* then move pointer */
- });
+ DIAG(TD_REPORT, {
+ n += output_data("td: netflush %d chars\r\n", n);
+ });
#ifdef ENCRYPTION
if (encrypt_output) {
char *s = nclearto ? nclearto : nbackp;
@@ -554,12 +549,11 @@ printoption(fmt, option)
register int option;
{
if (TELOPT_OK(option))
- sprintf(nfrontp, "%s %s\r\n", fmt, TELOPT(option));
+ output_data("%s %s\r\n", fmt, TELOPT(option));
else if (TELCMD_OK(option))
- sprintf(nfrontp, "%s %s\r\n", fmt, TELCMD(option));
+ output_data("%s %s\r\n", fmt, TELCMD(option));
else
- sprintf(nfrontp, "%s %d\r\n", fmt, option);
- nfrontp += strlen(nfrontp);
+ output_data("%s %d\r\n", fmt, option);
return;
}
@@ -575,9 +569,8 @@ printsub(direction, pointer, length)
return;
if (direction) {
- sprintf(nfrontp, "td: %s suboption ",
+ output_data("td: %s suboption ",
direction == '<' ? "recv" : "send");
- nfrontp += strlen(nfrontp);
if (length >= 3) {
register int j;
@@ -585,232 +578,192 @@ printsub(direction, pointer, length)
j = pointer[length-1];
if (i != IAC || j != SE) {
- sprintf(nfrontp, "(terminated by ");
- nfrontp += strlen(nfrontp);
+ output_data("(terminated by ");
if (TELOPT_OK(i))
- sprintf(nfrontp, "%s ", TELOPT(i));
+ output_data("%s ", TELOPT(i));
else if (TELCMD_OK(i))
- sprintf(nfrontp, "%s ", TELCMD(i));
+ output_data("%s ", TELCMD(i));
else
- sprintf(nfrontp, "%d ", i);
- nfrontp += strlen(nfrontp);
+ output_data("%d ", i);
if (TELOPT_OK(j))
- sprintf(nfrontp, "%s", TELOPT(j));
+ output_data("%s", TELOPT(j));
else if (TELCMD_OK(j))
- sprintf(nfrontp, "%s", TELCMD(j));
+ output_data("%s", TELCMD(j));
else
- sprintf(nfrontp, "%d", j);
- nfrontp += strlen(nfrontp);
- sprintf(nfrontp, ", not IAC SE!) ");
- nfrontp += strlen(nfrontp);
+ output_data("%d", j);
+ output_data(", not IAC SE!) ");
}
}
length -= 2;
}
if (length < 1) {
- sprintf(nfrontp, "(Empty suboption??\?)");
- nfrontp += strlen(nfrontp);
+ output_data("(Empty suboption??\?)");
return;
}
switch (pointer[0]) {
case TELOPT_TTYPE:
- sprintf(nfrontp, "TERMINAL-TYPE ");
- nfrontp += strlen(nfrontp);
+ output_data("TERMINAL-TYPE ");
switch (pointer[1]) {
case TELQUAL_IS:
- sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2);
+ output_data("IS \"%.*s\"", length-2, (char *)pointer+2);
break;
case TELQUAL_SEND:
- sprintf(nfrontp, "SEND");
+ output_data("SEND");
break;
default:
- sprintf(nfrontp,
+ output_data(
"- unknown qualifier %d (0x%x).",
pointer[1], pointer[1]);
}
- nfrontp += strlen(nfrontp);
break;
case TELOPT_TSPEED:
- sprintf(nfrontp, "TERMINAL-SPEED");
- nfrontp += strlen(nfrontp);
+ output_data("TERMINAL-SPEED");
if (length < 2) {
- sprintf(nfrontp, " (empty suboption??\?)");
- nfrontp += strlen(nfrontp);
+ output_data(" (empty suboption??\?)");
break;
}
switch (pointer[1]) {
case TELQUAL_IS:
- sprintf(nfrontp, " IS %.*s", length-2, (char *)pointer+2);
- nfrontp += strlen(nfrontp);
+ output_data(" IS %.*s", length-2, (char *)pointer+2);
break;
default:
if (pointer[1] == 1)
- sprintf(nfrontp, " SEND");
+ output_data(" SEND");
else
- sprintf(nfrontp, " %d (unknown)", pointer[1]);
- nfrontp += strlen(nfrontp);
+ output_data(" %d (unknown)", pointer[1]);
for (i = 2; i < length; i++) {
- sprintf(nfrontp, " ?%d?", pointer[i]);
- nfrontp += strlen(nfrontp);
+ output_data(" ?%d?", pointer[i]);
}
break;
}
break;
case TELOPT_LFLOW:
- sprintf(nfrontp, "TOGGLE-FLOW-CONTROL");
- nfrontp += strlen(nfrontp);
+ output_data("TOGGLE-FLOW-CONTROL");
if (length < 2) {
- sprintf(nfrontp, " (empty suboption??\?)");
- nfrontp += strlen(nfrontp);
+ output_data(" (empty suboption??\?)");
break;
}
switch (pointer[1]) {
case LFLOW_OFF:
- sprintf(nfrontp, " OFF"); break;
+ output_data(" OFF"); break;
case LFLOW_ON:
- sprintf(nfrontp, " ON"); break;
+ output_data(" ON"); break;
case LFLOW_RESTART_ANY:
- sprintf(nfrontp, " RESTART-ANY"); break;
+ output_data(" RESTART-ANY"); break;
case LFLOW_RESTART_XON:
- sprintf(nfrontp, " RESTART-XON"); break;
+ output_data(" RESTART-XON"); break;
default:
- sprintf(nfrontp, " %d (unknown)", pointer[1]);
+ output_data(" %d (unknown)", pointer[1]);
}
- nfrontp += strlen(nfrontp);
for (i = 2; i < length; i++) {
- sprintf(nfrontp, " ?%d?", pointer[i]);
- nfrontp += strlen(nfrontp);
+ output_data(" ?%d?", pointer[i]);
}
break;
case TELOPT_NAWS:
- sprintf(nfrontp, "NAWS");
- nfrontp += strlen(nfrontp);
+ output_data("NAWS");
if (length < 2) {
- sprintf(nfrontp, " (empty suboption??\?)");
- nfrontp += strlen(nfrontp);
+ output_data(" (empty suboption??\?)");
break;
}
if (length == 2) {
- sprintf(nfrontp, " ?%d?", pointer[1]);
- nfrontp += strlen(nfrontp);
+ output_data(" ?%d?", pointer[1]);
break;
}
- sprintf(nfrontp, " %d %d (%d)",
+ output_data(" %d %d (%d)",
pointer[1], pointer[2],
(int)((((unsigned int)pointer[1])<<8)|((unsigned int)pointer[2])));
- nfrontp += strlen(nfrontp);
if (length == 4) {
- sprintf(nfrontp, " ?%d?", pointer[3]);
- nfrontp += strlen(nfrontp);
+ output_data(" ?%d?", pointer[3]);
break;
}
- sprintf(nfrontp, " %d %d (%d)",
+ output_data(" %d %d (%d)",
pointer[3], pointer[4],
(int)((((unsigned int)pointer[3])<<8)|((unsigned int)pointer[4])));
- nfrontp += strlen(nfrontp);
for (i = 5; i < length; i++) {
- sprintf(nfrontp, " ?%d?", pointer[i]);
- nfrontp += strlen(nfrontp);
+ output_data(" ?%d?", pointer[i]);
}
break;
case TELOPT_LINEMODE:
- sprintf(nfrontp, "LINEMODE ");
- nfrontp += strlen(nfrontp);
+ output_data("LINEMODE ");
if (length < 2) {
- sprintf(nfrontp, " (empty suboption??\?)");
- nfrontp += strlen(nfrontp);
+ output_data(" (empty suboption??\?)");
break;
}
switch (pointer[1]) {
case WILL:
- sprintf(nfrontp, "WILL ");
+ output_data("WILL ");
goto common;
case WONT:
- sprintf(nfrontp, "WONT ");
+ output_data("WONT ");
goto common;
case DO:
- sprintf(nfrontp, "DO ");
+ output_data("DO ");
goto common;
case DONT:
- sprintf(nfrontp, "DONT ");
+ output_data("DONT ");
common:
- nfrontp += strlen(nfrontp);
if (length < 3) {
- sprintf(nfrontp, "(no option??\?)");
- nfrontp += strlen(nfrontp);
+ output_data("(no option??\?)");
break;
}
switch (pointer[2]) {
case LM_FORWARDMASK:
- sprintf(nfrontp, "Forward Mask");
- nfrontp += strlen(nfrontp);
+ output_data("Forward Mask");
for (i = 3; i < length; i++) {
- sprintf(nfrontp, " %x", pointer[i]);
- nfrontp += strlen(nfrontp);
+ output_data(" %x", pointer[i]);
}
break;
default:
- sprintf(nfrontp, "%d (unknown)", pointer[2]);
- nfrontp += strlen(nfrontp);
+ output_data("%d (unknown)", pointer[2]);
for (i = 3; i < length; i++) {
- sprintf(nfrontp, " %d", pointer[i]);
- nfrontp += strlen(nfrontp);
+ output_data(" %d", pointer[i]);
}
break;
}
break;
case LM_SLC:
- sprintf(nfrontp, "SLC");
- nfrontp += strlen(nfrontp);
+ output_data("SLC");
for (i = 2; i < length - 2; i += 3) {
if (SLC_NAME_OK(pointer[i+SLC_FUNC]))
- sprintf(nfrontp, " %s", SLC_NAME(pointer[i+SLC_FUNC]));
+ output_data(" %s", SLC_NAME(pointer[i+SLC_FUNC]));
else
- sprintf(nfrontp, " %d", pointer[i+SLC_FUNC]);
- nfrontp += strlen(nfrontp);
+ output_data(" %d", pointer[i+SLC_FUNC]);
switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) {
case SLC_NOSUPPORT:
- sprintf(nfrontp, " NOSUPPORT"); break;
+ output_data(" NOSUPPORT"); break;
case SLC_CANTCHANGE:
- sprintf(nfrontp, " CANTCHANGE"); break;
+ output_data(" CANTCHANGE"); break;
case SLC_VARIABLE:
- sprintf(nfrontp, " VARIABLE"); break;
+ output_data(" VARIABLE"); break;
case SLC_DEFAULT:
- sprintf(nfrontp, " DEFAULT"); break;
+ output_data(" DEFAULT"); break;
}
- nfrontp += strlen(nfrontp);
- sprintf(nfrontp, "%s%s%s",
+ output_data("%s%s%s",
pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "",
pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "",
pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : "");
- nfrontp += strlen(nfrontp);
if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN|
SLC_FLUSHOUT| SLC_LEVELBITS)) {
- sprintf(nfrontp, "(0x%x)", pointer[i+SLC_FLAGS]);
- nfrontp += strlen(nfrontp);
+ output_data("(0x%x)", pointer[i+SLC_FLAGS]);
}
- sprintf(nfrontp, " %d;", pointer[i+SLC_VALUE]);
- nfrontp += strlen(nfrontp);
+ output_data(" %d;", pointer[i+SLC_VALUE]);
if ((pointer[i+SLC_VALUE] == IAC) &&
(pointer[i+SLC_VALUE+1] == IAC))
i++;
}
for (; i < length; i++) {
- sprintf(nfrontp, " ?%d?", pointer[i]);
- nfrontp += strlen(nfrontp);
+ output_data(" ?%d?", pointer[i]);
}
break;
case LM_MODE:
- sprintf(nfrontp, "MODE ");
- nfrontp += strlen(nfrontp);
+ output_data("MODE ");
if (length < 3) {
- sprintf(nfrontp, "(no mode??\?)");
- nfrontp += strlen(nfrontp);
+ output_data("(no mode??\?)");
break;
}
{
@@ -821,24 +774,19 @@ printsub(direction, pointer, length)
pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",
pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "",
pointer[2]&MODE_ACK ? "|ACK" : "");
- sprintf(nfrontp, "%s", tbuf[1] ? &tbuf[1] : "0");
- nfrontp += strlen(nfrontp);
+ output_data("%s", tbuf[1] ? &tbuf[1] : "0");
}
if (pointer[2]&~(MODE_EDIT|MODE_TRAPSIG|MODE_ACK)) {
- sprintf(nfrontp, " (0x%x)", pointer[2]);
- nfrontp += strlen(nfrontp);
+ output_data(" (0x%x)", pointer[2]);
}
for (i = 3; i < length; i++) {
- sprintf(nfrontp, " ?0x%x?", pointer[i]);
- nfrontp += strlen(nfrontp);
+ output_data(" ?0x%x?", pointer[i]);
}
break;
default:
- sprintf(nfrontp, "%d (unknown)", pointer[1]);
- nfrontp += strlen(nfrontp);
+ output_data("%d (unknown)", pointer[1]);
for (i = 2; i < length; i++) {
- sprintf(nfrontp, " %d", pointer[i]);
- nfrontp += strlen(nfrontp);
+ output_data(" %d", pointer[i]);
}
}
break;
@@ -847,24 +795,20 @@ printsub(direction, pointer, length)
register char *cp;
register int j, k;
- sprintf(nfrontp, "STATUS");
- nfrontp += strlen(nfrontp);
+ output_data("STATUS");
switch (pointer[1]) {
default:
if (pointer[1] == TELQUAL_SEND)
- sprintf(nfrontp, " SEND");
+ output_data(" SEND");
else
- sprintf(nfrontp, " %d (unknown)", pointer[1]);
- nfrontp += strlen(nfrontp);
+ output_data(" %d (unknown)", pointer[1]);
for (i = 2; i < length; i++) {
- sprintf(nfrontp, " ?%d?", pointer[i]);
- nfrontp += strlen(nfrontp);
+ output_data(" ?%d?", pointer[i]);
}
break;
case TELQUAL_IS:
- sprintf(nfrontp, " IS\r\n");
- nfrontp += strlen(nfrontp);
+ output_data(" IS\r\n");
for (i = 2; i < length; i++) {
switch(pointer[i]) {
@@ -875,18 +819,15 @@ printsub(direction, pointer, length)
common2:
i++;
if (TELOPT_OK(pointer[i]))
- sprintf(nfrontp, " %s %s", cp, TELOPT(pointer[i]));
+ output_data(" %s %s", cp, TELOPT(pointer[i]));
else
- sprintf(nfrontp, " %s %d", cp, pointer[i]);
- nfrontp += strlen(nfrontp);
+ output_data(" %s %d", cp, pointer[i]);
- sprintf(nfrontp, "\r\n");
- nfrontp += strlen(nfrontp);
+ output_data("\r\n");
break;
case SB:
- sprintf(nfrontp, " SB ");
- nfrontp += strlen(nfrontp);
+ output_data(" SB ");
i++;
j = k = i;
while (j < length) {
@@ -902,20 +843,17 @@ printsub(direction, pointer, length)
}
printsub(0, &pointer[i], k - i);
if (i < length) {
- sprintf(nfrontp, " SE");
- nfrontp += strlen(nfrontp);
+ output_data(" SE");
i = j;
} else
i = j - 1;
- sprintf(nfrontp, "\r\n");
- nfrontp += strlen(nfrontp);
+ output_data("\r\n");
break;
default:
- sprintf(nfrontp, " %d", pointer[i]);
- nfrontp += strlen(nfrontp);
+ output_data(" %d", pointer[i]);
break;
}
}
@@ -925,86 +863,77 @@ printsub(direction, pointer, length)
}
case TELOPT_XDISPLOC:
- sprintf(nfrontp, "X-DISPLAY-LOCATION ");
- nfrontp += strlen(nfrontp);
+ output_data("X-DISPLAY-LOCATION ");
switch (pointer[1]) {
case TELQUAL_IS:
- sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2);
+ output_data("IS \"%.*s\"", length-2, (char *)pointer+2);
break;
case TELQUAL_SEND:
- sprintf(nfrontp, "SEND");
+ output_data("SEND");
break;
default:
- sprintf(nfrontp, "- unknown qualifier %d (0x%x).",
+ output_data("- unknown qualifier %d (0x%x).",
pointer[1], pointer[1]);
}
- nfrontp += strlen(nfrontp);
break;
case TELOPT_NEW_ENVIRON:
- sprintf(nfrontp, "NEW-ENVIRON ");
+ output_data("NEW-ENVIRON ");
goto env_common1;
case TELOPT_OLD_ENVIRON:
- sprintf(nfrontp, "OLD-ENVIRON");
+ output_data("OLD-ENVIRON");
env_common1:
- nfrontp += strlen(nfrontp);
switch (pointer[1]) {
case TELQUAL_IS:
- sprintf(nfrontp, "IS ");
+ output_data("IS ");
goto env_common;
case TELQUAL_SEND:
- sprintf(nfrontp, "SEND ");
+ output_data("SEND ");
goto env_common;
case TELQUAL_INFO:
- sprintf(nfrontp, "INFO ");
+ output_data("INFO ");
env_common:
- nfrontp += strlen(nfrontp);
{
register int noquote = 2;
for (i = 2; i < length; i++ ) {
switch (pointer[i]) {
case NEW_ENV_VAR:
- sprintf(nfrontp, "\" VAR " + noquote);
- nfrontp += strlen(nfrontp);
+ output_data("\" VAR " + noquote);
noquote = 2;
break;
case NEW_ENV_VALUE:
- sprintf(nfrontp, "\" VALUE " + noquote);
- nfrontp += strlen(nfrontp);
+ output_data("\" VALUE " + noquote);
noquote = 2;
break;
case ENV_ESC:
- sprintf(nfrontp, "\" ESC " + noquote);
- nfrontp += strlen(nfrontp);
+ output_data("\" ESC " + noquote);
noquote = 2;
break;
case ENV_USERVAR:
- sprintf(nfrontp, "\" USERVAR " + noquote);
- nfrontp += strlen(nfrontp);
+ output_data("\" USERVAR " + noquote);
noquote = 2;
break;
default:
if (isprint(pointer[i]) && pointer[i] != '"') {
if (noquote) {
- *nfrontp++ = '"';
+ output_data("\"");
noquote = 0;
}
- *nfrontp++ = pointer[i];
+ output_data("%c", pointer[i]);
} else {
- sprintf(nfrontp, "\" %03o " + noquote,
+ output_data("\" %03o " + noquote,
pointer[i]);
- nfrontp += strlen(nfrontp);
noquote = 2;
}
break;
}
}
if (!noquote)
- *nfrontp++ = '"';
+ output_data("\"");
break;
}
}
@@ -1012,83 +941,66 @@ printsub(direction, pointer, length)
#if defined(AUTHENTICATION)
case TELOPT_AUTHENTICATION:
- sprintf(nfrontp, "AUTHENTICATION");
- nfrontp += strlen(nfrontp);
+ output_data("AUTHENTICATION");
if (length < 2) {
- sprintf(nfrontp, " (empty suboption??\?)");
- nfrontp += strlen(nfrontp);
+ output_data(" (empty suboption??\?)");
break;
}
switch (pointer[1]) {
case TELQUAL_REPLY:
case TELQUAL_IS:
- sprintf(nfrontp, " %s ", (pointer[1] == TELQUAL_IS) ?
+ output_data(" %s ", (pointer[1] == TELQUAL_IS) ?
"IS" : "REPLY");
- nfrontp += strlen(nfrontp);
if (AUTHTYPE_NAME_OK(pointer[2]))
- sprintf(nfrontp, "%s ", AUTHTYPE_NAME(pointer[2]));
+ output_data("%s ", AUTHTYPE_NAME(pointer[2]));
else
- sprintf(nfrontp, "%d ", pointer[2]);
- nfrontp += strlen(nfrontp);
+ output_data("%d ", pointer[2]);
if (length < 3) {
- sprintf(nfrontp, "(partial suboption??\?)");
- nfrontp += strlen(nfrontp);
+ output_data("(partial suboption??\?)");
break;
}
- sprintf(nfrontp, "%s|%s",
+ output_data("%s|%s",
((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
"CLIENT" : "SERVER",
((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
"MUTUAL" : "ONE-WAY");
- nfrontp += strlen(nfrontp);
{
char buf[512];
auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
- sprintf(nfrontp, "%s", buf);
+ output_data("%s", buf);
}
- nfrontp += strlen(nfrontp);
break;
case TELQUAL_SEND:
i = 2;
- sprintf(nfrontp, " SEND ");
- nfrontp += strlen(nfrontp);
+ output_data(" SEND ");
while (i < length) {
if (AUTHTYPE_NAME_OK(pointer[i]))
- sprintf(nfrontp, "%s ", AUTHTYPE_NAME(pointer[i]));
+ output_data("%s ", AUTHTYPE_NAME(pointer[i]));
else
- sprintf(nfrontp, "%d ", pointer[i]);
- nfrontp += strlen(nfrontp);
+ output_data("%d ", pointer[i]);
if (++i >= length) {
- sprintf(nfrontp, "(partial suboption??\?)");
- nfrontp += strlen(nfrontp);
+ output_data("(partial suboption??\?)");
break;
}
- sprintf(nfrontp, "%s|%s ",
+ output_data("%s|%s ",
((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
"CLIENT" : "SERVER",
((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
"MUTUAL" : "ONE-WAY");
- nfrontp += strlen(nfrontp);
++i;
}
break;
case TELQUAL_NAME:
- i = 2;
- sprintf(nfrontp, " NAME \"");
- nfrontp += strlen(nfrontp);
- while (i < length)
- *nfrontp += pointer[i++];
- *nfrontp += '"';
+ output_data(" NAME \"%.*s\"", length - 2, pointer + 2);
break;
default:
for (i = 2; i < length; i++) {
- sprintf(nfrontp, " ?%d?", pointer[i]);
- nfrontp += strlen(nfrontp);
+ output_data(" ?%d?", pointer[i]);
}
break;
}
@@ -1097,89 +1009,73 @@ printsub(direction, pointer, length)
#ifdef ENCRYPTION
case TELOPT_ENCRYPT:
- sprintf(nfrontp, "ENCRYPT");
- nfrontp += strlen(nfrontp);
+ output_data("ENCRYPT");
if (length < 2) {
- sprintf(nfrontp, " (empty suboption??\?)");
- nfrontp += strlen(nfrontp);
+ output_data(" (empty suboption??\?)");
break;
}
switch (pointer[1]) {
case ENCRYPT_START:
- sprintf(nfrontp, " START");
- nfrontp += strlen(nfrontp);
+ output_data(" START");
break;
case ENCRYPT_END:
- sprintf(nfrontp, " END");
- nfrontp += strlen(nfrontp);
+ output_data(" END");
break;
case ENCRYPT_REQSTART:
- sprintf(nfrontp, " REQUEST-START");
- nfrontp += strlen(nfrontp);
+ output_data(" REQUEST-START");
break;
case ENCRYPT_REQEND:
- sprintf(nfrontp, " REQUEST-END");
- nfrontp += strlen(nfrontp);
+ output_data(" REQUEST-END");
break;
case ENCRYPT_IS:
case ENCRYPT_REPLY:
- sprintf(nfrontp, " %s ", (pointer[1] == ENCRYPT_IS) ?
+ output_data(" %s ", (pointer[1] == ENCRYPT_IS) ?
"IS" : "REPLY");
- nfrontp += strlen(nfrontp);
if (length < 3) {
- sprintf(nfrontp, " (partial suboption??\?)");
- nfrontp += strlen(nfrontp);
+ output_data(" (partial suboption??\?)");
break;
}
if (ENCTYPE_NAME_OK(pointer[2]))
- sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[2]));
+ output_data("%s ", ENCTYPE_NAME(pointer[2]));
else
- sprintf(nfrontp, " %d (unknown)", pointer[2]);
- nfrontp += strlen(nfrontp);
+ output_data(" %d (unknown)", pointer[2]);
{
char buf[512];
encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf));
- sprintf(nfrontp, "%s", buf);
+ output_data("%s", buf);
}
- nfrontp += strlen(nfrontp);
break;
case ENCRYPT_SUPPORT:
i = 2;
- sprintf(nfrontp, " SUPPORT ");
- nfrontp += strlen(nfrontp);
+ output_data(" SUPPORT ");
while (i < length) {
if (ENCTYPE_NAME_OK(pointer[i]))
- sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[i]));
+ output_data("%s ", ENCTYPE_NAME(pointer[i]));
else
- sprintf(nfrontp, "%d ", pointer[i]);
- nfrontp += strlen(nfrontp);
+ output_data("%d ", pointer[i]);
i++;
}
break;
case ENCRYPT_ENC_KEYID:
- sprintf(nfrontp, " ENC_KEYID");
- nfrontp += strlen(nfrontp);
+ output_data(" ENC_KEYID");
goto encommon;
case ENCRYPT_DEC_KEYID:
- sprintf(nfrontp, " DEC_KEYID");
- nfrontp += strlen(nfrontp);
+ output_data(" DEC_KEYID");
goto encommon;
default:
- sprintf(nfrontp, " %d (unknown)", pointer[1]);
- nfrontp += strlen(nfrontp);
+ output_data(" %d (unknown)", pointer[1]);
encommon:
for (i = 2; i < length; i++) {
- sprintf(nfrontp, " %d", pointer[i]);
- nfrontp += strlen(nfrontp);
+ output_data(" %d", pointer[i]);
}
break;
}
@@ -1188,18 +1084,15 @@ printsub(direction, pointer, length)
default:
if (TELOPT_OK(pointer[0]))
- sprintf(nfrontp, "%s (unknown)", TELOPT(pointer[0]));
+ output_data("%s (unknown)", TELOPT(pointer[0]));
else
- sprintf(nfrontp, "%d (unknown)", pointer[i]);
- nfrontp += strlen(nfrontp);
+ output_data("%d (unknown)", pointer[i]);
for (i = 1; i < length; i++) {
- sprintf(nfrontp, " %d", pointer[i]);
- nfrontp += strlen(nfrontp);
+ output_data(" %d", pointer[i]);
}
break;
}
- sprintf(nfrontp, "\r\n");
- nfrontp += strlen(nfrontp);
+ output_data("\r\n");
}
/*
@@ -1221,26 +1114,22 @@ printdata(tag, ptr, cnt)
}
/* add a line of output */
- sprintf(nfrontp, "%s: ", tag);
- nfrontp += strlen(nfrontp);
+ output_data("%s: ", tag);
for (i = 0; i < 20 && cnt; i++) {
- sprintf(nfrontp, "%02x", *ptr);
- nfrontp += strlen(nfrontp);
+ output_data("%02x", *ptr);
if (isprint(*ptr)) {
xbuf[i] = *ptr;
} else {
xbuf[i] = '.';
}
if (i % 2) {
- *nfrontp = ' ';
- nfrontp++;
+ output_data(" ");
}
cnt--;
ptr++;
}
xbuf[i] = '\0';
- sprintf(nfrontp, " %s\r\n", xbuf );
- nfrontp += strlen(nfrontp);
+ output_data(" %s\r\n", xbuf );
}
}
#endif /* DIAGNOSTICS */
OpenPOWER on IntegriCloud