1 --- netkit-telnet-0.17/telnet/telnet.c.CAN-2005-468_469 2005-03-17 13:48:58.000000000 +0100
2 +++ netkit-telnet-0.17/telnet/telnet.c 2005-03-17 14:02:27.000000000 +0100
3 @@ -1310,22 +1310,66 @@
7 -unsigned char slc_reply[128];
8 +#define SLC_REPLY_SIZE 128
9 +unsigned char *slc_reply;
10 unsigned char *slc_replyp;
11 +unsigned char *slc_replyend;
16 + slc_reply = (unsigned char *)malloc(SLC_REPLY_SIZE);
17 + if (slc_reply == NULL) {
18 +/*@*/ printf("slc_start_reply: malloc()/realloc() failed!!!\n");
19 + slc_reply = slc_replyp = slc_replyend = NULL;
23 slc_replyp = slc_reply;
24 + slc_replyend = slc_reply + SLC_REPLY_SIZE;
27 *slc_replyp++ = TELOPT_LINEMODE;
28 *slc_replyp++ = LM_SLC;
32 +slc_assure_buffer(int want_len);
35 +slc_assure_buffer(int want_len)
37 + if ((slc_replyp + want_len) >= slc_replyend) {
39 + int old_len = slc_replyp - slc_reply;
43 + + (want_len / SLC_REPLY_SIZE + 1) * SLC_REPLY_SIZE;
44 + p = (unsigned char *)realloc(slc_reply, len);
48 + if (slc_reply == NULL) {
49 +/*@*/ printf("slc_add_reply: realloc() failed!!!\n");
50 + slc_reply = slc_replyp = slc_replyend = NULL;
53 + slc_replyp = slc_reply + old_len;
54 + slc_replyend = slc_reply + len;
60 slc_add_reply(unsigned char func, unsigned char flags, cc_t value)
62 + if (slc_assure_buffer(6))
65 + if (slc_replyp == NULL)
68 if ((*slc_replyp++ = func) == IAC)
70 if ((*slc_replyp++ = flags) == IAC)
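Review bot: In `slc_add_reply` the `slc_assure_buffer(6)` call comes before the `slc_replyp == NULL` test, so after the failed `malloc()` path that sets all three pointers to NULL the helper evaluates `slc_replyp + want_len` on a null pointer and then hands NULL to `realloc()`. That call can succeed and return a fresh buffer that never received the `TELOPT_LINEMODE`/`LM_SLC` prefix written at start. Testing for the null state first, or opening `slc_assure_buffer` with `if (slc_reply == NULL) return 1;` (assuming a nonzero return means failure, as the `if (slc_assure_buffer(6))` call site suggests), keeps a failed reply failed. The same ordering appears in the `@@ -1339,6 +1383,12 @@` hunk, where `slc_assure_buffer(2)` precedes the null test. Several lines of these functions are not visible here, so this should be confirmed against the full file.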
71 @@ -1339,6 +1383,12 @@
75 + if (slc_assure_buffer(2))
78 + if (slc_replyp == NULL)
83 len = slc_replyp - slc_reply;
88 -#define OPT_REPLY_SIZE 256
89 +#define OPT_REPLY_SIZE 1024
90 unsigned char *opt_reply;
91 unsigned char *opt_replyp;
92 unsigned char *opt_replyend;
93 @@ -1490,10 +1540,38 @@
94 env_opt_start_info(void)
98 + if (opt_replyp && (opt_replyp > opt_reply))
99 opt_replyp[-1] = TELQUAL_INFO;
103 +env_opt_assure_buffer(int want_len);
106 +env_opt_assure_buffer(int want_len)
108 + if ((opt_replyp + want_len) >= opt_replyend) {
111 + int old_len = opt_replyp - opt_reply;
114 + + (want_len / OPT_REPLY_SIZE + 1) * OPT_REPLY_SIZE;
115 + p = (unsigned char *)realloc(opt_reply, len);
119 + if (opt_reply == NULL) {
120 +/*@*/ printf("env_opt_add: realloc() failed!!!\n");
121 + opt_reply = opt_replyp = opt_replyend = NULL;
124 + opt_replyp = opt_reply + old_len;
125 + opt_replyend = opt_reply + len;
131 env_opt_add(unsigned char *ep)
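Review bot: `env_opt_assure_buffer(int want_len)` takes a signed `int`, but the caller in the next hunk passes `strlen(...)*2 + strlen(...)*2 + 6`, a `size_t` expression, so the requested length is narrowed on the way in; `old_len` is declared `int` as well. The bound test `(opt_replyp + want_len) >= opt_replyend` also forms a pointer past the allocation before comparing, which C leaves undefined. Comparing sizes instead avoids both problems: declare `size_t want_len` and test `if (want_len >= (size_t)(opt_replyend - opt_replyp))`. `slc_assure_buffer` in the first hunk uses the same pointer comparison, although its visible callers pass only the constants 6 and 2. Parts of this function's body are not visible in the hunk.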
133 @@ -1515,25 +1593,12 @@
136 vp = env_getvalue(ep, 1);
137 - if (opt_replyp + (vp ? strlen((char *)vp) : 0) +
138 - strlen((char *)ep) + 6 > opt_replyend)
142 - opt_replyend += OPT_REPLY_SIZE;
143 - len = opt_replyend - opt_reply;
144 - p = (unsigned char *)realloc(opt_reply, len);
148 - if (opt_reply == NULL) {
149 -/*@*/ printf("env_opt_add: realloc() failed!!!\n");
150 - opt_reply = opt_replyp = opt_replyend = NULL;
153 - opt_replyp = opt_reply + len - (opt_replyend - opt_replyp);
154 - opt_replyend = opt_reply + len;
157 + /* use the double length in case it gots escaped */
158 + if (env_opt_assure_buffer((vp ? strlen((char *)vp)*2 : 0) +
159 + strlen((char *)ep)*2 + 6))
162 if (opt_welldefined((char *)ep))
164 if (telopt_environ == TELOPT_OLD_ENVIRON)
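Review bot: The added comment `/* use the double length in case it gots escaped */` does not say which escaping is meant or what the trailing `+ 6` reserves, yet the 2x factor is the whole safety argument for the writes that follow. A comment such as `/* worst case: every byte of name and value is written with an escape byte, so reserve twice their length */` would make the bound reviewable. What the 6 covers should be spelled out by someone who can see the rest of `env_opt_add`, which continues outside this hunk.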
165 @@ -1588,8 +1653,14 @@
169 + if (opt_reply == NULL) /*XXX*/
173 len = opt_replyp - opt_reply + 2;
174 if (emptyok || len > 6) {
175 + if (env_opt_assure_buffer(2))
179 if (NETROOM() > len) {
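Review bot: The new guard `if (opt_reply == NULL) /*XXX*/` carries only an `XXX` marker, so a reader cannot tell whether it is a known-incomplete fix or an intended early exit. The helper added earlier in this patch sets `opt_reply`, `opt_replyp` and `opt_replyend` to NULL when `realloc()` fails, so a comment like `/* reply buffer was dropped after an allocation failure; nothing to send */` would document the case, assuming that is what the guarded statement does. The function's start and the statements under both added checks are not visible here.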