• src/syncterm/telnet_io.c

    From Deuce@1:103/705 to Git commit to main/sbbs/master on Sun Mar 15 01:06:05 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/6986bd4168837eed5e5593a2
    Modified Files:
    src/syncterm/telnet_io.c
    Log Message:
    Fix telnet parser getting stuck on long subnegotiations

    telnet_interpret() stores incoming subnegotiation bytes in
    telnet_cmd[64]. When the buffer fills, telnet_cmdlen stays at 64
    and no further bytes are stored. The IAC SE termination check at
    telnet_cmd[telnet_cmdlen-2] then reads stale data and can never
    match, so the parser permanently stays in SB mode and swallows all
    subsequent terminal output.

    Fix: when the buffer is full, slide the last two bytes forward so
    that position [62] always holds the previous byte and [63] holds the
    current byte. The existing telnet_cmd[telnet_cmdlen-2] check then
    sees a fresh IAC when it arrives, and correctly terminates the
    subnegotiation.

    A malicious (or just chatty) server sending e.g. a >64-byte
    ENVIRON or NEW-ENVIRON SB would trigger this.

    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
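
The stuck-parser condition and the slide fix from the log message above, as an added, simplified C model; it is not the SyncTERM source. `sb_state`, `sb_feed`, `run` and the `slide` switch are hypothetical names, the buffer starts after IAC SB, and IAC IAC escaping inside the subnegotiation is not modelled.

```c
#include <stdio.h>
#include <stddef.h>

#define IAC 255
#define SE  240
#define CMD_MAX 64              /* same size as telnet_cmd[64] in the log message */

struct sb_state {               /* hypothetical stand-in for the parser state */
    unsigned char cmd[CMD_MAX];
    size_t len;
    int in_sb;
};

/* Feed one byte while in SB mode. slide=0 models the behaviour before the
 * fix, slide=1 the fix. Returns 1 when IAC SE ends the subnegotiation. */
static int sb_feed(struct sb_state *s, unsigned char ch, int slide)
{
    if (s->len < CMD_MAX) {
        s->cmd[s->len++] = ch;
    } else if (slide) {         /* buffer full: keep [62]=previous, [63]=current */
        s->cmd[CMD_MAX - 2] = s->cmd[CMD_MAX - 1];
        s->cmd[CMD_MAX - 1] = ch;
    }                           /* else: byte dropped, tail goes stale */
    if (s->len >= 2 && s->cmd[s->len - 2] == IAC && s->cmd[s->len - 1] == SE) {
        s->in_sb = 0;
        s->len = 0;
        return 1;
    }
    return 0;
}

/* Constructed stream: <payload_len filler bytes> IAC SE 'O' 'K'.
 * Returns how many bytes reach the terminal after the subnegotiation. */
static size_t run(size_t payload_len, int slide)
{
    struct sb_state s = { {0}, 0, 1 };
    const unsigned char tail[] = { IAC, SE, 'O', 'K' };
    size_t i, out = 0;

    for (i = 0; i < payload_len; i++)
        sb_feed(&s, 'A', slide);
    for (i = 0; i < sizeof tail; i++) {
        if (s.in_sb) sb_feed(&s, tail[i], slide);
        else out++;             /* normal terminal output */
    }
    return out;
}

int main(void)
{
    printf("100-byte SB, no slide: %zu bytes shown\n", run(100, 0));
    printf("100-byte SB, slide:    %zu bytes shown\n", run(100, 1));
    return 0;
}
```
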