simple fixes for buffer overflows in telnet:// tn3270:// and rlogin:/…

…/ and a fix for stupid handling of username for rlogin:// (which is passed to system()...)
avsm · May 20, 2009 · 4cfeb15 · 4cfeb15
1 parent 4433621
commit 4cfeb15
Showing 1 changed file with 20 additions and 38 deletions.
diff --git a/WWW/Library/Implementation/HTTelnet.c b/WWW/Library/Implementation/HTTelnet.c
@@ -68,9 +68,8 @@ PRIVATE int remote_session ARGS2(char *, acc_method, char *, host)
 	 *  *cp=0;  / * terminate at any ;,<,>,`,|,",' or space or return
 	 *  or tab to prevent security whole
 	 */
-	for(cp = (strchr(host, '@') ? strchr(host, '@') : host); *cp != '\0';
-		cp++)	{
-	    if(!isalnum(UCH(*cp)) && *cp != '_' && *cp != '-' &&
+	for(cp = host; *cp != '\0'; cp++) {
+	    if(!isalnum(*cp) && *cp != '_' && *cp != '-' &&
 				*cp != ':' && *cp != '.' && *cp != '@') {
 		*cp = '\0';
 		break;
@@ -169,41 +168,24 @@ PRIVATE int remote_session ARGS2(char *, acc_method, char *, host)
 #define TELNET_DONE
 #endif
 
-/* Most unix machines support username only with rlogin */
-#if !defined(TELNET_DONE) && (defined(UNIX) || defined(DOSPATH) || defined(__CYGWIN__))
-
-#define FMT_RLOGIN "%s %s%s%s"
-#define FMT_TN3270 "%s %s %s"
-#define FMT_TELNET "%s %s %s"
-
-	switch (login_protocol) {
-	case rlogin:
-	    if ((program = HTGetProgramPath(ppRLOGIN)) != NULL) {
-		HTAddParam(&command, FMT_RLOGIN, 1, program);
-		HTAddParam(&command, FMT_RLOGIN, 2, hostname);
-		HTOptParam(&command, FMT_RLOGIN, 3, user ? " -l " : "");
-		HTAddParam(&command, FMT_RLOGIN, 4, user);
-		HTEndParam(&command, FMT_RLOGIN, 4);
-	    }
-	    break;
-
-	case tn3270:
-	    if ((program = HTGetProgramPath(ppTN3270)) != NULL) {
-		HTAddParam(&command, FMT_TN3270, 1, program);
-		HTAddParam(&command, FMT_TN3270, 2, hostname);
-		HTAddParam(&command, FMT_TN3270, 3, port);
-		HTEndParam(&command, FMT_TN3270, 3);
-	    }
-	    break;
-
-	case telnet:
-	    if ((program = HTGetProgramPath(ppTELNET)) != NULL) {
-		HTAddParam(&command, FMT_TELNET, 1, program);
-		HTAddParam(&command, FMT_TELNET, 2, hostname);
-		HTAddParam(&command, FMT_TELNET, 3, port);
-		HTEndParam(&command, FMT_TELNET, 3);
-	    }
-	    break;
+/* Most unix machines suppport username only with rlogin */
+#if defined(unix) || defined(DOSPATH)
+#ifndef TELNET_DONE
+	if (login_protocol == rlogin) {
+	    snprintf(command, sizeof(command) - 1, "%s %s%s%s", RLOGIN_COMMAND,
+		hostname,
+		user ? " -l " : "",
+		user ? user : "");
+
+	} else if (login_protocol == tn3270) {
+	    snprintf(command, sizeof(command) - 1, "%s %s %s", TN3270_COMMAND,
+		hostname,
+		port ? port : "");
+
+	} else {  /* TELNET */
+	    snprintf(command, sizeof(command) - 1, "%s %s %s", TELNET_COMMAND,
+		hostname,
+		port ? port : "");
 	}
 
         LYSystem(command);