freebsd-dev/crypto/telnet/telnetd
Ruslan Ermilov 40e7fc1a20 More potential buffer overflow fixes.
o Fixed `nfrontp' calculations in output_data().  If `remaining' is
  initially zero, it was possible for `nfrontp' to be decremented.

Noticed by:	dillon

o Replaced leaking writenet() with output_datalen():

:  * writenet
:  *
:  * Just a handy little function to write a bit of raw data to the net.
:  * It will force a transmit of the buffer if necessary
:  *
:  * arguments
:  *    ptr - A pointer to a character string to write
:  *    len - How many bytes to write
:  */
: 	void
: writenet(ptr, len)
: 	register unsigned char *ptr;
: 	register int len;
: {
: 	/* flush buffer if no room for new data) */
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: 	if ((&netobuf[BUFSIZ] - nfrontp) < len) {
: 		/* if this fails, don't worry, buffer is a little big */
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: 		netflush();
: 	}
:
: 	memmove(nfrontp, ptr, len);
: 	nfrontp += len;
:
: }  /* end of writenet */

What an irony!  :-)

o Optimized output_datalen() a bit.
2001-07-20 12:02:30 +00:00
..
authenc.c Fixed the exploitable remote buffer overflow. 2001-07-19 17:48:57 +00:00
defs.h Initial import of BSD telnet. This will be used to build the kerberised 1997-09-04 06:11:16 +00:00
ext.h More potential buffer overflow fixes. 2001-07-20 12:02:30 +00:00
global.c $Id$ -> $FreeBSD$ 1999-08-28 01:35:59 +00:00
pathnames.h Synch: Add $FreeBSD$. 2001-02-07 21:58:16 +00:00
slc.c More potential buffer overflow fixes. 2001-07-20 12:02:30 +00:00
state.c More potential buffer overflow fixes. 2001-07-20 12:02:30 +00:00
sys_term.c (scrub_env): change to only accept a listed set of variables, 2000-12-10 20:50:20 +00:00
telnetd.8 mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 10:42:19 +00:00
telnetd.c Fixed the exploitable remote buffer overflow. 2001-07-19 17:48:57 +00:00
telnetd.h Initial import of BSD telnet. This will be used to build the kerberised 1997-09-04 06:11:16 +00:00
termstat.c Fixed the exploitable remote buffer overflow. 2001-07-19 17:48:57 +00:00
utility.c More potential buffer overflow fixes. 2001-07-20 12:02:30 +00:00