diff options
author | paul <paul> | 2003-10-15 23:08:55 +0000 |
---|---|---|
committer | paul <paul> | 2003-10-15 23:08:55 +0000 |
commit | 5b8c1b0d6af736b0633309b4b3490298b9a20742 (patch) | |
tree | 9ffdf1bfbb4d4ecc5d3a26e265fbc98c9869ed96 | |
parent | 79ad27982af1440a841298b684d94732ae07d003 (diff) |
2003-10-15 Jay Fenlason <fenlason@redhat.com>
* lib/vty.c: (vty_telnet_option) Remote DoS exists if a telnet
end-sub-negotation is sent when no sub-negotation data has been
sent. Return immediately if no sub-negotation is in progress.
(vty_read) do not attempt to process options if no sub-negotation
is in progress.
-rw-r--r-- | lib/vty.c | 17 |
1 files changed, 11 insertions, 6 deletions
@@ -1140,13 +1140,16 @@ vty_telnet_option (struct vty *vty, unsigned char *buf, int nbytes) break; case SE: { - char *buffer = (char *)vty->sb_buffer->head->data; - int length = vty->sb_buffer->length; + char *buffer; + int length; - if (buffer == NULL) + if (!vty->iac_sb_in_progress) return 0; - if (!vty->iac_sb_in_progress) + buffer = (char *)vty->sb_buffer->head->data; + length = vty->sb_buffer->length; + + if (buffer == NULL) return 0; if (buffer[0] == '\0') @@ -1251,7 +1254,6 @@ static int vty_read (struct thread *thread) { int i; - int ret; int nbytes; unsigned char buf[VTY_READ_BUFSIZ]; @@ -1288,11 +1290,14 @@ vty_read (struct thread *thread) if (vty->iac) { /* In case of telnet command */ - ret = vty_telnet_option (vty, buf + i, nbytes - i); + int ret = 0; + if (vty->iac_sb_in_progress) + ret = vty_telnet_option (vty, buf + i, nbytes - i); vty->iac = 0; i += ret; continue; } + if (vty->status == VTY_MORE) { |