1. Forum
  2. FidoNet
  3. SYNC PROGRAMMING

  • src/syncterm/telnet_io.c

    From Deucе@1:103/705 to Git commit to main/sbbs/master on Thursday, April 03, 2025 05:20:12
    https://gitlab.synchro.net/main/sbbs/-/commit/9a9a81ea0a4c6a5666ca5ae0
    Modified Files:
    src/syncterm/telnet_io.c
    Log Message:
    Fix telnet binary mode tracking.

    When SyncTERM started by enabling binary mode in both directions,
    the internal tracking of the binary status wasn't updated, so it
    was incorrectly tracked as being in NVT mode. After a file
    transfer, it would then revert to the NVT mode it throught it was
    in.

    This change updates the binary mode value when sending as well as
    receiving TELNET_BINARY_TX.

    This is still technically broken though since binary mode is
    negotiated separately in each direction, and the initial send of
    WILL + DO is actually a pair of requests that need to be confirmed
    by the remote. Until they are confirmed, the connection is still
    in NVT mode.

    Hopefully though this isn't an issue since the remote should reply
    to both, and if it denies there's no effective difference between
    what we should do when already in binary mode and not because we
    don't support any other modes (such as CHARSET option). Fixing it
    correctly would get very complex and involve blocking the connection
    until we get a response.
    --- SBBSecho 3.24-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Sunday, March 15, 2026 01:06:05
    https://gitlab.synchro.net/main/sbbs/-/commit/6986bd4168837eed5e5593a2
    Modified Files:
    src/syncterm/telnet_io.c
    Log Message:
    Fix telnet parser getting stuck on long subnegotiations

    telnet_interpret() stores incoming subnegotiation bytes in
    telnet_cmd[64]. When the buffer fills, telnet_cmdlen stays at 64
    and no further bytes are stored. The IAC SE termination check at telnet_cmd[telnet_cmdlen-2] then reads stale data and can never
    match, so the parser permanently stays in SB mode and swallows all
    subsequent terminal output.

    Fix: when the buffer is full, slide the last two bytes forward so
    that position [62] always holds the previous byte and [63] holds the
    current byte. The existing telnet_cmd[telnet_cmdlen-2] check then
    sees a fresh IAC when it arrives, and correctly terminates the
    subnegotiation.

    A malicious (or just chatty) server sending e.g. a >64-byte
    ENVIRON or NEW-ENVIRON SB would trigger this.

    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)