[net.bugs.4bsd] Telnetd

jdd@allegra.UUCP (11/08/83)

There are several bugs in telnetd(8) in 4.2BSD.

First, it loses characters from the remote side.  There's a place in
telnet() where it reads bytes from the pty and stores them in netobuf[] (via
*nfrontp++), to be written by a netflush().  If it can't fit them all at
once (perhaps because a previous netflush() couldn't empty netobuf[]), it
throws the rest away.  As a result, if the network doesn't run quite as fast
as you'd expected, you lose characters.  (We're running on a network with a
small IP packet size, so this happens frequently.)

At least this is better than all of the sprintf's into netobuf[] (via
nfrontp) that don't even check whether there is space remaining or not.  By
the mechanism above, these have a very good chance at overrunning the end of
the array.

Oh, and there are variables, like "pcc" and "options", that are referenced
before they are used.  This is at best poor coding style.

I have also noticed that when telnetd(8) logs me in, it does it in such a
way as not to mention me in /etc/utmp or /usr/adm/wtmp.  More on this later.

Cheers,
John ("Barely Here") DeTreville
Bell Labs, Murray Hill
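
The two netobuf[] problems described in the post, with the space checks in place, as an added example that is not part of the original post and is not the 4.2BSD telnetd source. The names `outbuf`, `ob_put`, `ob_printf`, `ob_flush` and `relay`, and the 16-byte buffer size, are assumptions made for illustration; `frontp` stands in for the post's nfrontp.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#define OBUF_SIZE 16                 /* constructed: tiny, to force the full-buffer case */
struct outbuf { char buf[OBUF_SIZE]; char *frontp; };  /* frontp: next free byte */
static size_t ob_space(const struct outbuf *o) { return (size_t)(o->buf + OBUF_SIZE - o->frontp); }

/* Append what fits and report how much was taken; the caller keeps the rest pending. */
static size_t ob_put(struct outbuf *o, const char *src, size_t len) {
    size_t n = len < ob_space(o) ? len : ob_space(o);
    memcpy(o->frontp, src, n);
    o->frontp += n;
    return n;
}

/* Formatted append that checks remaining space first: all or nothing. */
static int ob_printf(struct outbuf *o, const char *fmt, ...) {
    va_list ap; size_t room = ob_space(o);
    va_start(ap, fmt);
    int n = vsnprintf(o->frontp, room, fmt, ap);   /* never writes past room bytes */
    va_end(ap);
    if (n < 0 || (size_t)n >= room) return -1;     /* no room (the NUL needs a byte too) */
    o->frontp += n;
    return 0;
}

static size_t ob_flush(struct outbuf *o, char *sink, size_t max) {  /* slow network: <= max bytes */
    size_t have = (size_t)(o->frontp - o->buf), n = have < max ? have : max;
    memcpy(sink, o->buf, n);
    memmove(o->buf, o->buf + n, have - n);         /* keep the unsent tail */
    o->frontp = o->buf + (have - n);
    return n;
}

static size_t relay(const char *src, size_t len, char *sink, size_t flush_max) {  /* flush_max > 0 */
    struct outbuf o; size_t taken = 0, sent = 0;
    o.frontp = o.buf;
    while (sent < len) {
        taken += ob_put(&o, src + taken, len - taken);   /* remainder is retried, not dropped */
        sent += ob_flush(&o, sink + sent, flush_max);
    }
    return sent;
}

int main(void) {
    char sink[64]; const char *msg = "constructed sample, longer than the 16-byte buffer";
    return relay(msg, strlen(msg), sink, 5) == strlen(msg) ? 0 : 1;
}
```
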