diff options
author | ru <ru@FreeBSD.org> | 2001-07-19 17:48:57 +0000 |
---|---|---|
committer | ru <ru@FreeBSD.org> | 2001-07-19 17:48:57 +0000 |
commit | 9cac33d71fc5f6846362da63a753c08e90efa427 (patch) | |
tree | be1f96775e90a28babf09a5748699e16c80568d6 /contrib/telnet | |
parent | 32934481938551563374cb61f766b1f332377ee6 (diff) | |
download | FreeBSD-src-9cac33d71fc5f6846362da63a753c08e90efa427.zip FreeBSD-src-9cac33d71fc5f6846362da63a753c08e90efa427.tar.gz |
Fixed the exploitable remote buffer overflow.
Reported on: bugtraq
Obtained from: Heimdal, NetBSD
Reviewed by: obrien, imp
Diffstat (limited to 'contrib/telnet')
-rw-r--r-- | contrib/telnet/telnetd/authenc.c | 3 | ||||
-rw-r--r-- | contrib/telnet/telnetd/ext.h | 3 | ||||
-rw-r--r-- | contrib/telnet/telnetd/state.c | 61 | ||||
-rw-r--r-- | contrib/telnet/telnetd/telnetd.c | 49 | ||||
-rw-r--r-- | contrib/telnet/telnetd/termstat.c | 18 | ||||
-rw-r--r-- | contrib/telnet/telnetd/utility.c | 399 |
6 files changed, 219 insertions, 314 deletions
diff --git a/contrib/telnet/telnetd/authenc.c b/contrib/telnet/telnetd/authenc.c index 39a38d4..26a85d2 100644 --- a/contrib/telnet/telnetd/authenc.c +++ b/contrib/telnet/telnetd/authenc.c @@ -49,8 +49,7 @@ net_write(str, len) int len; { if (nfrontp + len < netobuf + BUFSIZ) { - memmove((void *)nfrontp, (void *)str, len); - nfrontp += len; + output_datalen(str, len); return(len); } return(0); diff --git a/contrib/telnet/telnetd/ext.h b/contrib/telnet/telnetd/ext.h index b84cee4..f1bb02a 100644 --- a/contrib/telnet/telnetd/ext.h +++ b/contrib/telnet/telnetd/ext.h @@ -190,6 +190,9 @@ extern void wontoption P((int)), writenet P((unsigned char *, int)); +int output_data __P((const char *, ...)) __printflike(1, 2); +int output_datalen __P((const char *, size_t)); + #ifdef ENCRYPTION extern void (*encrypt_output) P((unsigned char *, int)); extern int (*decrypt_input) P((int)); diff --git a/contrib/telnet/telnetd/state.c b/contrib/telnet/telnetd/state.c index 4a066b7..ec012cf 100644 --- a/contrib/telnet/telnetd/state.c +++ b/contrib/telnet/telnetd/state.c @@ -39,6 +39,7 @@ static const char rcsid[] = "$FreeBSD$"; #endif /* not lint */ +#include <stdarg.h> #include "telnetd.h" #if defined(AUTHENTICATION) #include <libtelnet/auth.h> @@ -205,8 +206,7 @@ gotiac: switch (c) { } netclear(); /* clear buffer back */ - *nfrontp++ = IAC; - *nfrontp++ = DM; + output_data("%c%c", IAC, DM); neturg = nfrontp-1; /* off by one XXX */ DIAG(TD_OPTIONS, printoption("td: send IAC", DM)); @@ -459,8 +459,7 @@ send_do(option, init) set_his_want_state_will(option); do_dont_resp[option]++; } - (void) sprintf(nfrontp, (char *)doopt, option); - nfrontp += sizeof (dont) - 2; + output_data((const char *)doopt, option); DIAG(TD_OPTIONS, printoption("td: send do", option)); } @@ -679,8 +678,7 @@ send_dont(option, init) set_his_want_state_wont(option); do_dont_resp[option]++; } - (void) sprintf(nfrontp, (char *)dont, option); - nfrontp += sizeof (doopt) - 2; + output_data((const char *)dont, option); DIAG(TD_OPTIONS, printoption("td: send dont", option)); } @@ -828,8 +826,7 @@ send_will(option, init) set_my_want_state_will(option); will_wont_resp[option]++; } - (void) sprintf(nfrontp, (char *)will, option); - nfrontp += sizeof (doopt) - 2; + output_data((const char *)will, option); DIAG(TD_OPTIONS, printoption("td: send will", option)); } @@ -987,8 +984,7 @@ send_wont(option, init) set_my_want_state_wont(option); will_wont_resp[option]++; } - (void) sprintf(nfrontp, (char *)wont, option); - nfrontp += sizeof (wont) - 2; + output_data((const char *)wont, option); DIAG(TD_OPTIONS, printoption("td: send wont", option)); } @@ -1384,9 +1380,8 @@ suboption() env_ovar_wrong: env_ovar = OLD_ENV_VALUE; env_ovalue = OLD_ENV_VAR; - DIAG(TD_OPTIONS, {sprintf(nfrontp, - "ENVIRON VALUE and VAR are reversed!\r\n"); - nfrontp += strlen(nfrontp);}); + DIAG(TD_OPTIONS, + output_data("ENVIRON VALUE and VAR are reversed!\r\n")); } } @@ -1617,3 +1612,43 @@ send_status() DIAG(TD_OPTIONS, {printsub('>', statusbuf, ncp - statusbuf); netflush();}); } + +/* + * This function appends data to nfrontp and advances nfrontp. + */ + +int +output_data(const char *format, ...) +{ + va_list args; + size_t remaining, ret; + + va_start(args, format); + remaining = BUFSIZ - (nfrontp - netobuf); + /* try a netflush() if the room is too low */ + if (strlen(format) > remaining || BUFSIZ / 4 > remaining) { + netflush(); + remaining = BUFSIZ - (nfrontp - netobuf); + } + ret = vsnprintf(nfrontp, remaining, format, args); + nfrontp += ret; + va_end(args); + return ret; +} + +int +output_datalen(const char *buf, size_t len) +{ + size_t remaining; + + remaining = BUFSIZ - (nfrontp - netobuf); + if (remaining < len) { + netflush(); + remaining = BUFSIZ - (nfrontp - netobuf); + } + if (remaining < len) + return -1; + memmove(nfrontp, buf, len); + nfrontp += len; + return (len); +} diff --git a/contrib/telnet/telnetd/telnetd.c b/contrib/telnet/telnetd/telnetd.c index 96267b4..60353d6 100644 --- a/contrib/telnet/telnetd/telnetd.c +++ b/contrib/telnet/telnetd/telnetd.c @@ -683,38 +683,33 @@ getterminaltype(name) static unsigned char sb[] = { IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE }; - memmove(nfrontp, sb, sizeof sb); - nfrontp += sizeof sb; + output_datalen(sb, sizeof sb); DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2);); } if (his_state_is_will(TELOPT_XDISPLOC)) { static unsigned char sb[] = { IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE }; - memmove(nfrontp, sb, sizeof sb); - nfrontp += sizeof sb; + output_datalen(sb, sizeof sb); DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2);); } if (his_state_is_will(TELOPT_NEW_ENVIRON)) { static unsigned char sb[] = { IAC, SB, TELOPT_NEW_ENVIRON, TELQUAL_SEND, IAC, SE }; - memmove(nfrontp, sb, sizeof sb); - nfrontp += sizeof sb; + output_datalen(sb, sizeof sb); DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2);); } else if (his_state_is_will(TELOPT_OLD_ENVIRON)) { static unsigned char sb[] = { IAC, SB, TELOPT_OLD_ENVIRON, TELQUAL_SEND, IAC, SE }; - memmove(nfrontp, sb, sizeof sb); - nfrontp += sizeof sb; + output_datalen(sb, sizeof sb); DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2);); } if (his_state_is_will(TELOPT_TTYPE)) { - memmove(nfrontp, ttytype_sbbuf, sizeof ttytype_sbbuf); - nfrontp += sizeof ttytype_sbbuf; + output_datalen(ttytype_sbbuf, sizeof ttytype_sbbuf); DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2, sizeof ttytype_sbbuf - 2);); } @@ -793,8 +788,7 @@ _gettermname() if (his_state_is_wont(TELOPT_TTYPE)) return; settimer(baseline); - memmove(nfrontp, ttytype_sbbuf, sizeof ttytype_sbbuf); - nfrontp += sizeof ttytype_sbbuf; + output_datalen(ttytype_sbbuf, sizeof ttytype_sbbuf); DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2, sizeof ttytype_sbbuf - 2);); while (sequenceIs(ttypesubopt, baseline)) @@ -1044,9 +1038,7 @@ telnet(f, p, host) * mode, which we do not want. */ if (his_want_state_is_will(TELOPT_ECHO)) { - DIAG(TD_OPTIONS, - {sprintf(nfrontp, "td: simulating recv\r\n"); - nfrontp += strlen(nfrontp);}); + DIAG(TD_OPTIONS, output_data("td: simulating recv\r\n")); willoption(TELOPT_ECHO); } @@ -1181,9 +1173,7 @@ telnet(f, p, host) localstat(); #endif /* LINEMODE */ - DIAG(TD_REPORT, - {sprintf(nfrontp, "td: Entering processing loop\r\n"); - nfrontp += strlen(nfrontp);}); + DIAG(TD_REPORT, output_data("td: Entering processing loop\r\n")); /* * Startup the login process on the slave side of the terminal @@ -1312,8 +1302,7 @@ telnet(f, p, host) netip = netibuf; } DIAG((TD_REPORT | TD_NETDATA), - {sprintf(nfrontp, "td: netread %d chars\r\n", ncc); - nfrontp += strlen(nfrontp);}); + output_data("td: netread %d chars\r\n", ncc)); DIAG(TD_NETDATA, printdata("nd", netip, ncc)); } @@ -1360,8 +1349,7 @@ telnet(f, p, host) * royally if we send them urgent * mode data. */ - *nfrontp++ = IAC; - *nfrontp++ = DM; + output_data("%c%c", IAC, DM); neturg = nfrontp-1; /* off by one XXX */ DIAG(TD_OPTIONS, printoption("td: send IAC", DM)); @@ -1375,13 +1363,11 @@ telnet(f, p, host) ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0; if (newflow != flowmode) { flowmode = newflow; - (void) sprintf(nfrontp, - "%c%c%c%c%c%c", + output_data("%c%c%c%c%c%c", IAC, SB, TELOPT_LFLOW, flowmode ? LFLOW_ON : LFLOW_OFF, IAC, SE); - nfrontp += 6; DIAG(TD_OPTIONS, printsub('>', (unsigned char *)nfrontp-4, 4);); @@ -1407,19 +1393,19 @@ telnet(f, p, host) break; c = *ptyip++ & 0377, pcc--; if (c == IAC) - *nfrontp++ = c; + output_data("%c", c); #if defined(CRAY2) && defined(UNICOS5) else if (c == '\n' && my_state_is_wont(TELOPT_BINARY) && newmap) - *nfrontp++ = '\r'; + output_data("\r"); #endif /* defined(CRAY2) && defined(UNICOS5) */ - *nfrontp++ = c; + output_data("%c", c); if ((c == '\r') && (my_state_is_wont(TELOPT_BINARY))) { if (pcc > 0 && ((*ptyip & 0377) == '\n')) { - *nfrontp++ = *ptyip++ & 0377; + output_data("%c", *ptyip++ & 0377); pcc--; } else - *nfrontp++ = '\0'; + output_data("%c", '\0'); } } #if defined(CRAY2) && defined(UNICOS5) @@ -1613,8 +1599,7 @@ recv_ayt() return; } #endif - (void) strcpy(nfrontp, "\r\n[Yes]\r\n"); - nfrontp += 9; + output_data("\r\n[Yes]\r\n"); } void diff --git a/contrib/telnet/telnetd/termstat.c b/contrib/telnet/telnetd/termstat.c index e94720c..30230d4 100644 --- a/contrib/telnet/telnetd/termstat.c +++ b/contrib/telnet/telnetd/termstat.c @@ -302,10 +302,9 @@ localstat() # endif /* KLUDGELINEMODE */ send_do(TELOPT_LINEMODE, 1); /* send along edit modes */ - (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB, + output_data("%c%c%c%c%c%c%c", IAC, SB, TELOPT_LINEMODE, LM_MODE, useeditmode, IAC, SE); - nfrontp += 7; editmode = useeditmode; # ifdef KLUDGELINEMODE } @@ -331,10 +330,9 @@ localstat() /* * Send along appropriate edit mode mask. */ - (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB, + output_data("%c%c%c%c%c%c%c", IAC, SB, TELOPT_LINEMODE, LM_MODE, useeditmode, IAC, SE); - nfrontp += 7; editmode = useeditmode; } @@ -378,20 +376,18 @@ flowstat() if (his_state_is_will(TELOPT_LFLOW)) { if (tty_flowmode() != flowmode) { flowmode = tty_flowmode(); - (void) sprintf(nfrontp, "%c%c%c%c%c%c", + output_data("%c%c%c%c%c%c", IAC, SB, TELOPT_LFLOW, flowmode ? LFLOW_ON : LFLOW_OFF, IAC, SE); - nfrontp += 6; } if (tty_restartany() != restartany) { restartany = tty_restartany(); - (void) sprintf(nfrontp, "%c%c%c%c%c%c", + output_data("%c%c%c%c%c%c", IAC, SB, TELOPT_LFLOW, restartany ? LFLOW_RESTART_ANY : LFLOW_RESTART_XON, IAC, SE); - nfrontp += 6; } } } @@ -464,10 +460,9 @@ clientstat(code, parm1, parm2) useeditmode |= MODE_SOFT_TAB; if (tty_islitecho()) useeditmode |= MODE_LIT_ECHO; - (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, + output_data("%c%c%c%c%c%c%c", IAC, SB, TELOPT_LINEMODE, LM_MODE, useeditmode, IAC, SE); - nfrontp += 7; editmode = useeditmode; } @@ -523,11 +518,10 @@ clientstat(code, parm1, parm2) set_termbuf(); if (!ack) { - (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, + output_data("%c%c%c%c%c%c%c", IAC, SB, TELOPT_LINEMODE, LM_MODE, useeditmode|MODE_ACK, IAC, SE); - nfrontp += 7; } editmode = useeditmode; diff --git a/contrib/telnet/telnetd/utility.c b/contrib/telnet/telnetd/utility.c index da01828..aa85d7a 100644 --- a/contrib/telnet/telnetd/utility.c +++ b/contrib/telnet/telnetd/utility.c @@ -71,8 +71,7 @@ ttloop() { void netflush(); - DIAG(TD_REPORT, {sprintf(nfrontp, "td: ttloop\r\n"); - nfrontp += strlen(nfrontp);}); + DIAG(TD_REPORT, output_data("td: ttloop\r\n")); if (nfrontp-nbackp) { netflush(); } @@ -84,8 +83,7 @@ ttloop() syslog(LOG_INFO, "ttloop: peer died: %m"); exit(1); } - DIAG(TD_REPORT, {sprintf(nfrontp, "td: ttloop read %d chars\r\n", ncc); - nfrontp += strlen(nfrontp);}); + DIAG(TD_REPORT, output_data("td: ttloop read %d chars\r\n", ncc)); netip = netibuf; telrcv(); /* state machine */ if (ncc > 0) { @@ -128,9 +126,8 @@ ptyflush() int n; if ((n = pfrontp - pbackp) > 0) { - DIAG((TD_REPORT | TD_PTYDATA), - { sprintf(nfrontp, "td: ptyflush %d chars\r\n", n); - nfrontp += strlen(nfrontp); }); + DIAG(TD_REPORT | TD_PTYDATA, + output_data("td: ptyflush %d chars\r\n", n)); DIAG(TD_PTYDATA, printdata("pd", pbackp, n)); n = write(pty, pbackp, n); } @@ -261,11 +258,9 @@ netflush() extern int not42; if ((n = nfrontp - nbackp) > 0) { - DIAG(TD_REPORT, - { sprintf(nfrontp, "td: netflush %d chars\r\n", n); - n += strlen(nfrontp); /* get count first */ - nfrontp += strlen(nfrontp); /* then move pointer */ - }); + DIAG(TD_REPORT, { + n += output_data("td: netflush %d chars\r\n", n); + }); #ifdef ENCRYPTION if (encrypt_output) { char *s = nclearto ? nclearto : nbackp; @@ -554,12 +549,11 @@ printoption(fmt, option) register int option; { if (TELOPT_OK(option)) - sprintf(nfrontp, "%s %s\r\n", fmt, TELOPT(option)); + output_data("%s %s\r\n", fmt, TELOPT(option)); else if (TELCMD_OK(option)) - sprintf(nfrontp, "%s %s\r\n", fmt, TELCMD(option)); + output_data("%s %s\r\n", fmt, TELCMD(option)); else - sprintf(nfrontp, "%s %d\r\n", fmt, option); - nfrontp += strlen(nfrontp); + output_data("%s %d\r\n", fmt, option); return; } @@ -575,9 +569,8 @@ printsub(direction, pointer, length) return; if (direction) { - sprintf(nfrontp, "td: %s suboption ", + output_data("td: %s suboption ", direction == '<' ? "recv" : "send"); - nfrontp += strlen(nfrontp); if (length >= 3) { register int j; @@ -585,232 +578,192 @@ printsub(direction, pointer, length) j = pointer[length-1]; if (i != IAC || j != SE) { - sprintf(nfrontp, "(terminated by "); - nfrontp += strlen(nfrontp); + output_data("(terminated by "); if (TELOPT_OK(i)) - sprintf(nfrontp, "%s ", TELOPT(i)); + output_data("%s ", TELOPT(i)); else if (TELCMD_OK(i)) - sprintf(nfrontp, "%s ", TELCMD(i)); + output_data("%s ", TELCMD(i)); else - sprintf(nfrontp, "%d ", i); - nfrontp += strlen(nfrontp); + output_data("%d ", i); if (TELOPT_OK(j)) - sprintf(nfrontp, "%s", TELOPT(j)); + output_data("%s", TELOPT(j)); else if (TELCMD_OK(j)) - sprintf(nfrontp, "%s", TELCMD(j)); + output_data("%s", TELCMD(j)); else - sprintf(nfrontp, "%d", j); - nfrontp += strlen(nfrontp); - sprintf(nfrontp, ", not IAC SE!) "); - nfrontp += strlen(nfrontp); + output_data("%d", j); + output_data(", not IAC SE!) "); } } length -= 2; } if (length < 1) { - sprintf(nfrontp, "(Empty suboption??\?)"); - nfrontp += strlen(nfrontp); + output_data("(Empty suboption??\?)"); return; } switch (pointer[0]) { case TELOPT_TTYPE: - sprintf(nfrontp, "TERMINAL-TYPE "); - nfrontp += strlen(nfrontp); + output_data("TERMINAL-TYPE "); switch (pointer[1]) { case TELQUAL_IS: - sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2); + output_data("IS \"%.*s\"", length-2, (char *)pointer+2); break; case TELQUAL_SEND: - sprintf(nfrontp, "SEND"); + output_data("SEND"); break; default: - sprintf(nfrontp, + output_data( "- unknown qualifier %d (0x%x).", pointer[1], pointer[1]); } - nfrontp += strlen(nfrontp); break; case TELOPT_TSPEED: - sprintf(nfrontp, "TERMINAL-SPEED"); - nfrontp += strlen(nfrontp); + output_data("TERMINAL-SPEED"); if (length < 2) { - sprintf(nfrontp, " (empty suboption??\?)"); - nfrontp += strlen(nfrontp); + output_data(" (empty suboption??\?)"); break; } switch (pointer[1]) { case TELQUAL_IS: - sprintf(nfrontp, " IS %.*s", length-2, (char *)pointer+2); - nfrontp += strlen(nfrontp); + output_data(" IS %.*s", length-2, (char *)pointer+2); break; default: if (pointer[1] == 1) - sprintf(nfrontp, " SEND"); + output_data(" SEND"); else - sprintf(nfrontp, " %d (unknown)", pointer[1]); - nfrontp += strlen(nfrontp); + output_data(" %d (unknown)", pointer[1]); for (i = 2; i < length; i++) { - sprintf(nfrontp, " ?%d?", pointer[i]); - nfrontp += strlen(nfrontp); + output_data(" ?%d?", pointer[i]); } break; } break; case TELOPT_LFLOW: - sprintf(nfrontp, "TOGGLE-FLOW-CONTROL"); - nfrontp += strlen(nfrontp); + output_data("TOGGLE-FLOW-CONTROL"); if (length < 2) { - sprintf(nfrontp, " (empty suboption??\?)"); - nfrontp += strlen(nfrontp); + output_data(" (empty suboption??\?)"); break; } switch (pointer[1]) { case LFLOW_OFF: - sprintf(nfrontp, " OFF"); break; + output_data(" OFF"); break; case LFLOW_ON: - sprintf(nfrontp, " ON"); break; + output_data(" ON"); break; case LFLOW_RESTART_ANY: - sprintf(nfrontp, " RESTART-ANY"); break; + output_data(" RESTART-ANY"); break; case LFLOW_RESTART_XON: - sprintf(nfrontp, " RESTART-XON"); break; + output_data(" RESTART-XON"); break; default: - sprintf(nfrontp, " %d (unknown)", pointer[1]); + output_data(" %d (unknown)", pointer[1]); } - nfrontp += strlen(nfrontp); for (i = 2; i < length; i++) { - sprintf(nfrontp, " ?%d?", pointer[i]); - nfrontp += strlen(nfrontp); + output_data(" ?%d?", pointer[i]); } break; case TELOPT_NAWS: - sprintf(nfrontp, "NAWS"); - nfrontp += strlen(nfrontp); + output_data("NAWS"); if (length < 2) { - sprintf(nfrontp, " (empty suboption??\?)"); - nfrontp += strlen(nfrontp); + output_data(" (empty suboption??\?)"); break; } if (length == 2) { - sprintf(nfrontp, " ?%d?", pointer[1]); - nfrontp += strlen(nfrontp); + output_data(" ?%d?", pointer[1]); break; } - sprintf(nfrontp, " %d %d (%d)", + output_data(" %d %d (%d)", pointer[1], pointer[2], (int)((((unsigned int)pointer[1])<<8)|((unsigned int)pointer[2]))); - nfrontp += strlen(nfrontp); if (length == 4) { - sprintf(nfrontp, " ?%d?", pointer[3]); - nfrontp += strlen(nfrontp); + output_data(" ?%d?", pointer[3]); break; } - sprintf(nfrontp, " %d %d (%d)", + output_data(" %d %d (%d)", pointer[3], pointer[4], (int)((((unsigned int)pointer[3])<<8)|((unsigned int)pointer[4]))); - nfrontp += strlen(nfrontp); for (i = 5; i < length; i++) { - sprintf(nfrontp, " ?%d?", pointer[i]); - nfrontp += strlen(nfrontp); + output_data(" ?%d?", pointer[i]); } break; case TELOPT_LINEMODE: - sprintf(nfrontp, "LINEMODE "); - nfrontp += strlen(nfrontp); + output_data("LINEMODE "); if (length < 2) { - sprintf(nfrontp, " (empty suboption??\?)"); - nfrontp += strlen(nfrontp); + output_data(" (empty suboption??\?)"); break; } switch (pointer[1]) { case WILL: - sprintf(nfrontp, "WILL "); + output_data("WILL "); goto common; case WONT: - sprintf(nfrontp, "WONT "); + output_data("WONT "); goto common; case DO: - sprintf(nfrontp, "DO "); + output_data("DO "); goto common; case DONT: - sprintf(nfrontp, "DONT "); + output_data("DONT "); common: - nfrontp += strlen(nfrontp); if (length < 3) { - sprintf(nfrontp, "(no option??\?)"); - nfrontp += strlen(nfrontp); + output_data("(no option??\?)"); break; } switch (pointer[2]) { case LM_FORWARDMASK: - sprintf(nfrontp, "Forward Mask"); - nfrontp += strlen(nfrontp); + output_data("Forward Mask"); for (i = 3; i < length; i++) { - sprintf(nfrontp, " %x", pointer[i]); - nfrontp += strlen(nfrontp); + output_data(" %x", pointer[i]); } break; default: - sprintf(nfrontp, "%d (unknown)", pointer[2]); - nfrontp += strlen(nfrontp); + output_data("%d (unknown)", pointer[2]); for (i = 3; i < length; i++) { - sprintf(nfrontp, " %d", pointer[i]); - nfrontp += strlen(nfrontp); + output_data(" %d", pointer[i]); } break; } break; case LM_SLC: - sprintf(nfrontp, "SLC"); - nfrontp += strlen(nfrontp); + output_data("SLC"); for (i = 2; i < length - 2; i += 3) { if (SLC_NAME_OK(pointer[i+SLC_FUNC])) - sprintf(nfrontp, " %s", SLC_NAME(pointer[i+SLC_FUNC])); + output_data(" %s", SLC_NAME(pointer[i+SLC_FUNC])); else - sprintf(nfrontp, " %d", pointer[i+SLC_FUNC]); - nfrontp += strlen(nfrontp); + output_data(" %d", pointer[i+SLC_FUNC]); switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) { case SLC_NOSUPPORT: - sprintf(nfrontp, " NOSUPPORT"); break; + output_data(" NOSUPPORT"); break; case SLC_CANTCHANGE: - sprintf(nfrontp, " CANTCHANGE"); break; + output_data(" CANTCHANGE"); break; case SLC_VARIABLE: - sprintf(nfrontp, " VARIABLE"); break; + output_data(" VARIABLE"); break; case SLC_DEFAULT: - sprintf(nfrontp, " DEFAULT"); break; + output_data(" DEFAULT"); break; } - nfrontp += strlen(nfrontp); - sprintf(nfrontp, "%s%s%s", + output_data("%s%s%s", pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "", pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "", pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : ""); - nfrontp += strlen(nfrontp); if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN| SLC_FLUSHOUT| SLC_LEVELBITS)) { - sprintf(nfrontp, "(0x%x)", pointer[i+SLC_FLAGS]); - nfrontp += strlen(nfrontp); + output_data("(0x%x)", pointer[i+SLC_FLAGS]); } - sprintf(nfrontp, " %d;", pointer[i+SLC_VALUE]); - nfrontp += strlen(nfrontp); + output_data(" %d;", pointer[i+SLC_VALUE]); if ((pointer[i+SLC_VALUE] == IAC) && (pointer[i+SLC_VALUE+1] == IAC)) i++; } for (; i < length; i++) { - sprintf(nfrontp, " ?%d?", pointer[i]); - nfrontp += strlen(nfrontp); + output_data(" ?%d?", pointer[i]); } break; case LM_MODE: - sprintf(nfrontp, "MODE "); - nfrontp += strlen(nfrontp); + output_data("MODE "); if (length < 3) { - sprintf(nfrontp, "(no mode??\?)"); - nfrontp += strlen(nfrontp); + output_data("(no mode??\?)"); break; } { @@ -821,24 +774,19 @@ printsub(direction, pointer, length) pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "", pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "", pointer[2]&MODE_ACK ? "|ACK" : ""); - sprintf(nfrontp, "%s", tbuf[1] ? &tbuf[1] : "0"); - nfrontp += strlen(nfrontp); + output_data("%s", tbuf[1] ? &tbuf[1] : "0"); } if (pointer[2]&~(MODE_EDIT|MODE_TRAPSIG|MODE_ACK)) { - sprintf(nfrontp, " (0x%x)", pointer[2]); - nfrontp += strlen(nfrontp); + output_data(" (0x%x)", pointer[2]); } for (i = 3; i < length; i++) { - sprintf(nfrontp, " ?0x%x?", pointer[i]); - nfrontp += strlen(nfrontp); + output_data(" ?0x%x?", pointer[i]); } break; default: - sprintf(nfrontp, "%d (unknown)", pointer[1]); - nfrontp += strlen(nfrontp); + output_data("%d (unknown)", pointer[1]); for (i = 2; i < length; i++) { - sprintf(nfrontp, " %d", pointer[i]); - nfrontp += strlen(nfrontp); + output_data(" %d", pointer[i]); } } break; @@ -847,24 +795,20 @@ printsub(direction, pointer, length) register char *cp; register int j, k; - sprintf(nfrontp, "STATUS"); - nfrontp += strlen(nfrontp); + output_data("STATUS"); switch (pointer[1]) { default: if (pointer[1] == TELQUAL_SEND) - sprintf(nfrontp, " SEND"); + output_data(" SEND"); else - sprintf(nfrontp, " %d (unknown)", pointer[1]); - nfrontp += strlen(nfrontp); + output_data(" %d (unknown)", pointer[1]); for (i = 2; i < length; i++) { - sprintf(nfrontp, " ?%d?", pointer[i]); - nfrontp += strlen(nfrontp); + output_data(" ?%d?", pointer[i]); } break; case TELQUAL_IS: - sprintf(nfrontp, " IS\r\n"); - nfrontp += strlen(nfrontp); + output_data(" IS\r\n"); for (i = 2; i < length; i++) { switch(pointer[i]) { @@ -875,18 +819,15 @@ printsub(direction, pointer, length) common2: i++; if (TELOPT_OK(pointer[i])) - sprintf(nfrontp, " %s %s", cp, TELOPT(pointer[i])); + output_data(" %s %s", cp, TELOPT(pointer[i])); else - sprintf(nfrontp, " %s %d", cp, pointer[i]); - nfrontp += strlen(nfrontp); + output_data(" %s %d", cp, pointer[i]); - sprintf(nfrontp, "\r\n"); - nfrontp += strlen(nfrontp); + output_data("\r\n"); break; case SB: - sprintf(nfrontp, " SB "); - nfrontp += strlen(nfrontp); + output_data(" SB "); i++; j = k = i; while (j < length) { @@ -902,20 +843,17 @@ printsub(direction, pointer, length) } printsub(0, &pointer[i], k - i); if (i < length) { - sprintf(nfrontp, " SE"); - nfrontp += strlen(nfrontp); + output_data(" SE"); i = j; } else i = j - 1; - sprintf(nfrontp, "\r\n"); - nfrontp += strlen(nfrontp); + output_data("\r\n"); break; default: - sprintf(nfrontp, " %d", pointer[i]); - nfrontp += strlen(nfrontp); + output_data(" %d", pointer[i]); break; } } @@ -925,86 +863,77 @@ printsub(direction, pointer, length) } case TELOPT_XDISPLOC: - sprintf(nfrontp, "X-DISPLAY-LOCATION "); - nfrontp += strlen(nfrontp); + output_data("X-DISPLAY-LOCATION "); switch (pointer[1]) { case TELQUAL_IS: - sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2); + output_data("IS \"%.*s\"", length-2, (char *)pointer+2); break; case TELQUAL_SEND: - sprintf(nfrontp, "SEND"); + output_data("SEND"); break; default: - sprintf(nfrontp, "- unknown qualifier %d (0x%x).", + output_data("- unknown qualifier %d (0x%x).", pointer[1], pointer[1]); } - nfrontp += strlen(nfrontp); break; case TELOPT_NEW_ENVIRON: - sprintf(nfrontp, "NEW-ENVIRON "); + output_data("NEW-ENVIRON "); goto env_common1; case TELOPT_OLD_ENVIRON: - sprintf(nfrontp, "OLD-ENVIRON"); + output_data("OLD-ENVIRON"); env_common1: - nfrontp += strlen(nfrontp); switch (pointer[1]) { case TELQUAL_IS: - sprintf(nfrontp, "IS "); + output_data("IS "); goto env_common; case TELQUAL_SEND: - sprintf(nfrontp, "SEND "); + output_data("SEND "); goto env_common; case TELQUAL_INFO: - sprintf(nfrontp, "INFO "); + output_data("INFO "); env_common: - nfrontp += strlen(nfrontp); { register int noquote = 2; for (i = 2; i < length; i++ ) { switch (pointer[i]) { case NEW_ENV_VAR: - sprintf(nfrontp, "\" VAR " + noquote); - nfrontp += strlen(nfrontp); + output_data("\" VAR " + noquote); noquote = 2; break; case NEW_ENV_VALUE: - sprintf(nfrontp, "\" VALUE " + noquote); - nfrontp += strlen(nfrontp); + output_data("\" VALUE " + noquote); noquote = 2; break; case ENV_ESC: - sprintf(nfrontp, "\" ESC " + noquote); - nfrontp += strlen(nfrontp); + output_data("\" ESC " + noquote); noquote = 2; break; case ENV_USERVAR: - sprintf(nfrontp, "\" USERVAR " + noquote); - nfrontp += strlen(nfrontp); + output_data("\" USERVAR " + noquote); noquote = 2; break; default: if (isprint(pointer[i]) && pointer[i] != '"') { if (noquote) { - *nfrontp++ = '"'; + output_data("\""); noquote = 0; } - *nfrontp++ = pointer[i]; + output_data("%c", pointer[i]); } else { - sprintf(nfrontp, "\" %03o " + noquote, + output_data("\" %03o " + noquote, pointer[i]); - nfrontp += strlen(nfrontp); noquote = 2; } break; } } if (!noquote) - *nfrontp++ = '"'; + output_data("\""); break; } } @@ -1012,83 +941,66 @@ printsub(direction, pointer, length) #if defined(AUTHENTICATION) case TELOPT_AUTHENTICATION: - sprintf(nfrontp, "AUTHENTICATION"); - nfrontp += strlen(nfrontp); + output_data("AUTHENTICATION"); if (length < 2) { - sprintf(nfrontp, " (empty suboption??\?)"); - nfrontp += strlen(nfrontp); + output_data(" (empty suboption??\?)"); break; } switch (pointer[1]) { case TELQUAL_REPLY: case TELQUAL_IS: - sprintf(nfrontp, " %s ", (pointer[1] == TELQUAL_IS) ? + output_data(" %s ", (pointer[1] == TELQUAL_IS) ? "IS" : "REPLY"); - nfrontp += strlen(nfrontp); if (AUTHTYPE_NAME_OK(pointer[2])) - sprintf(nfrontp, "%s ", AUTHTYPE_NAME(pointer[2])); + output_data("%s ", AUTHTYPE_NAME(pointer[2])); else - sprintf(nfrontp, "%d ", pointer[2]); - nfrontp += strlen(nfrontp); + output_data("%d ", pointer[2]); if (length < 3) { - sprintf(nfrontp, "(partial suboption??\?)"); - nfrontp += strlen(nfrontp); + output_data("(partial suboption??\?)"); break; } - sprintf(nfrontp, "%s|%s", + output_data("%s|%s", ((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ? "CLIENT" : "SERVER", ((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ? "MUTUAL" : "ONE-WAY"); - nfrontp += strlen(nfrontp); { char buf[512]; auth_printsub(&pointer[1], length - 1, buf, sizeof(buf)); - sprintf(nfrontp, "%s", buf); + output_data("%s", buf); } - nfrontp += strlen(nfrontp); break; case TELQUAL_SEND: i = 2; - sprintf(nfrontp, " SEND "); - nfrontp += strlen(nfrontp); + output_data(" SEND "); while (i < length) { if (AUTHTYPE_NAME_OK(pointer[i])) - sprintf(nfrontp, "%s ", AUTHTYPE_NAME(pointer[i])); + output_data("%s ", AUTHTYPE_NAME(pointer[i])); else - sprintf(nfrontp, "%d ", pointer[i]); - nfrontp += strlen(nfrontp); + output_data("%d ", pointer[i]); if (++i >= length) { - sprintf(nfrontp, "(partial suboption??\?)"); - nfrontp += strlen(nfrontp); + output_data("(partial suboption??\?)"); break; } - sprintf(nfrontp, "%s|%s ", + output_data("%s|%s ", ((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ? "CLIENT" : "SERVER", ((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ? "MUTUAL" : "ONE-WAY"); - nfrontp += strlen(nfrontp); ++i; } break; case TELQUAL_NAME: - i = 2; - sprintf(nfrontp, " NAME \""); - nfrontp += strlen(nfrontp); - while (i < length) - *nfrontp += pointer[i++]; - *nfrontp += '"'; + output_data(" NAME \"%.*s\"", length - 2, pointer + 2); break; default: for (i = 2; i < length; i++) { - sprintf(nfrontp, " ?%d?", pointer[i]); - nfrontp += strlen(nfrontp); + output_data(" ?%d?", pointer[i]); } break; } @@ -1097,89 +1009,73 @@ printsub(direction, pointer, length) #ifdef ENCRYPTION case TELOPT_ENCRYPT: - sprintf(nfrontp, "ENCRYPT"); - nfrontp += strlen(nfrontp); + output_data("ENCRYPT"); if (length < 2) { - sprintf(nfrontp, " (empty suboption??\?)"); - nfrontp += strlen(nfrontp); + output_data(" (empty suboption??\?)"); break; } switch (pointer[1]) { case ENCRYPT_START: - sprintf(nfrontp, " START"); - nfrontp += strlen(nfrontp); + output_data(" START"); break; case ENCRYPT_END: - sprintf(nfrontp, " END"); - nfrontp += strlen(nfrontp); + output_data(" END"); break; case ENCRYPT_REQSTART: - sprintf(nfrontp, " REQUEST-START"); - nfrontp += strlen(nfrontp); + output_data(" REQUEST-START"); break; case ENCRYPT_REQEND: - sprintf(nfrontp, " REQUEST-END"); - nfrontp += strlen(nfrontp); + output_data(" REQUEST-END"); break; case ENCRYPT_IS: case ENCRYPT_REPLY: - sprintf(nfrontp, " %s ", (pointer[1] == ENCRYPT_IS) ? + output_data(" %s ", (pointer[1] == ENCRYPT_IS) ? "IS" : "REPLY"); - nfrontp += strlen(nfrontp); if (length < 3) { - sprintf(nfrontp, " (partial suboption??\?)"); - nfrontp += strlen(nfrontp); + output_data(" (partial suboption??\?)"); break; } if (ENCTYPE_NAME_OK(pointer[2])) - sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[2])); + output_data("%s ", ENCTYPE_NAME(pointer[2])); else - sprintf(nfrontp, " %d (unknown)", pointer[2]); - nfrontp += strlen(nfrontp); + output_data(" %d (unknown)", pointer[2]); { char buf[512]; encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf)); - sprintf(nfrontp, "%s", buf); + output_data("%s", buf); } - nfrontp += strlen(nfrontp); break; case ENCRYPT_SUPPORT: i = 2; - sprintf(nfrontp, " SUPPORT "); - nfrontp += strlen(nfrontp); + output_data(" SUPPORT "); while (i < length) { if (ENCTYPE_NAME_OK(pointer[i])) - sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[i])); + output_data("%s ", ENCTYPE_NAME(pointer[i])); else - sprintf(nfrontp, "%d ", pointer[i]); - nfrontp += strlen(nfrontp); + output_data("%d ", pointer[i]); i++; } break; case ENCRYPT_ENC_KEYID: - sprintf(nfrontp, " ENC_KEYID"); - nfrontp += strlen(nfrontp); + output_data(" ENC_KEYID"); goto encommon; case ENCRYPT_DEC_KEYID: - sprintf(nfrontp, " DEC_KEYID"); - nfrontp += strlen(nfrontp); + output_data(" DEC_KEYID"); goto encommon; default: - sprintf(nfrontp, " %d (unknown)", pointer[1]); - nfrontp += strlen(nfrontp); + output_data(" %d (unknown)", pointer[1]); encommon: for (i = 2; i < length; i++) { - sprintf(nfrontp, " %d", pointer[i]); - nfrontp += strlen(nfrontp); + output_data(" %d", pointer[i]); } break; } @@ -1188,18 +1084,15 @@ printsub(direction, pointer, length) default: if (TELOPT_OK(pointer[0])) - sprintf(nfrontp, "%s (unknown)", TELOPT(pointer[0])); + output_data("%s (unknown)", TELOPT(pointer[0])); else - sprintf(nfrontp, "%d (unknown)", pointer[i]); - nfrontp += strlen(nfrontp); + output_data("%d (unknown)", pointer[i]); for (i = 1; i < length; i++) { - sprintf(nfrontp, " %d", pointer[i]); - nfrontp += strlen(nfrontp); + output_data(" %d", pointer[i]); } break; } - sprintf(nfrontp, "\r\n"); - nfrontp += strlen(nfrontp); + output_data("\r\n"); } /* @@ -1221,26 +1114,22 @@ printdata(tag, ptr, cnt) } /* add a line of output */ - sprintf(nfrontp, "%s: ", tag); - nfrontp += strlen(nfrontp); + output_data("%s: ", tag); for (i = 0; i < 20 && cnt; i++) { - sprintf(nfrontp, "%02x", *ptr); - nfrontp += strlen(nfrontp); + output_data("%02x", *ptr); if (isprint(*ptr)) { xbuf[i] = *ptr; } else { xbuf[i] = '.'; } if (i % 2) { - *nfrontp = ' '; - nfrontp++; + output_data(" "); } cnt--; ptr++; } xbuf[i] = '\0'; - sprintf(nfrontp, " %s\r\n", xbuf ); - nfrontp += strlen(nfrontp); + output_data(" %s\r\n", xbuf ); } } #endif /* DIAGNOSTICS */ |