https://gitlab.synchro.net/main/sbbs/-/commit/6986bd4168837eed5e5593a2
Modified Files:
src/syncterm/telnet_io.c
Log Message:
Fix telnet parser getting stuck on long subnegotiations
telnet_interpret() stores incoming subnegotiation bytes in
telnet_cmd[64]. When the buffer fills, telnet_cmdlen stays at 64
and no further bytes are stored. The IAC SE termination check at telnet_cmd[telnet_cmdlen-2] then reads stale data and can never
match, so the parser permanently stays in SB mode and swallows all
subsequent terminal output.
Fix: when the buffer is full, slide the last two bytes forward so
that position [62] always holds the previous byte and [63] holds the
current byte. The existing telnet_cmd[telnet_cmdlen-2] check then
sees a fresh IAC when it arrives, and correctly terminates the
subnegotiation.
A malicious (or just chatty) server sending e.g. a >64-byte
ENVIRON or NEW-ENVIRON SB would trigger this.
Co-Authored-By: Claude Opus 4.6 <
noreply@anthropic.com>
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net