mudlet-makers team mailing list archive
Message #02222
[Bug 1055950] [NEW] Truncating data building with VS2010 in ctelnet.h
*** This bug is a security vulnerability ***
Private security bug reported:
Fairly simple correction, as it just requires unsigned explicitly. Does
not seem to affect building on Linux, no clue about Mac.
In ctelnet.h....
Replace the relevant section with this.
In the MSV compilers, the compiler complains of truncated data (not being explicitly unsigned, they can truncate data).
So, make sure we have the full 8 bits by explicitly defining char
unsigned.
const unsigned char TN_SE = 240;
const unsigned char TN_NOP = 241;
const unsigned char TN_DM = 242;
const unsigned char TN_B = 243;
const unsigned char TN_IP = 244;
const unsigned char TN_AO = 245;
const unsigned char TN_AYT = 246;
const unsigned char TN_EC = 247;
const unsigned char TN_EL = 248;
const unsigned char TN_GA = 249;
const unsigned char TN_SB = 250;
const unsigned char TN_WILL = 251;
const unsigned char TN_WONT = 252;
const unsigned char TN_DO = 253;
const unsigned char TN_DONT = 254;
const unsigned char TN_IAC = 255;
const unsigned char GMCP = 201; /* GMCP */
const unsigned char MXP = 91; //MXP
const unsigned char OPT_ECHO = 1;
const unsigned char OPT_SUPPRESS_GA = 3;
const unsigned char OPT_STATUS = 5;
const unsigned char OPT_TIMING_MARK = 6;
const unsigned char OPT_TERMINAL_TYPE = 24;
const unsigned char OPT_NAWS = 31;
const unsigned char OPT_COMPRESS = 85;
const unsigned char OPT_COMPRESS2 = 86;
const unsigned char OPT_MSP = 90;
const unsigned char OPT_MXP = 91;
const unsigned char TNSB_IS = 0;
const unsigned char TNSB_SEND = 1;
This resolves that number of warnings per file in a lot of files too.
If someone built it and it truncates, it would allow a malicious user to
send data to control pretty much anything, seeing as triggers could be
abused in 'perfect' ways (the scripting system pretty much gives
incoming stuff total control, if abused right).
** Affects: mudlet
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Mudlet
Makers, which is subscribed to Mudlet.
https://bugs.launchpad.net/bugs/1055950
Title:
Truncating data building with VS2010 in ctelnet.h
Status in Mudlet the MUD client:
New
To manage notifications about this bug go to:
https://bugs.launchpad.net/mudlet/+bug/1055950/+subscriptions
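
An added illustration of the signedness issue the report raises, not part of the original message and not Mudlet's code: it scans a constructed Telnet byte stream for IAC (255) and shows that the byte is only found when the receive buffer and the constant agree on signedness. The names IAC_AS_SIGNED, IAC_AS_UNSIGNED, SAMPLE and the count_* functions are assumptions made for this example, and signed char stands in for a plain char that the compiler treats as signed.

```c
#include <stddef.h>
#include <stdio.h>

/* 'signed char' stands in for plain 'char' on compilers where char is signed
   by default (an assumption, so the result is the same on every target).
   255 does not fit in it; on two's-complement targets it is stored as -1. */
static const signed char   IAC_AS_SIGNED   = (signed char)255;
static const unsigned char IAC_AS_UNSIGNED = 255;   /* the form in the report */

/* Constructed sample input: "hi", IAC WILL 201, "ok", IAC GA. */
static const unsigned char SAMPLE[] = { 'h', 'i', 255, 251, 201, 'o', 'k', 255, 249 };

/* Count bytes equal to 'code'. Both operands of == are promoted to int, so
   the byte 0xFF compares as 255 while a signed constant compares as -1. */
size_t count_unsigned_buf(const unsigned char *buf, size_t len, int code)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (buf[i] == code)
            n++;
    return n;
}

/* Same scan over a buffer of signed bytes: here 0xFF reads back as -1. */
size_t count_signed_buf(const signed char *buf, size_t len, int code)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (buf[i] == code)
            n++;
    return n;
}

/* IAC bytes found for each pairing of buffer type and constant type. */
size_t iac_unsigned_buf_unsigned_const(void)   /* 2: both sides compare as 255 */
{ return count_unsigned_buf(SAMPLE, sizeof SAMPLE, IAC_AS_UNSIGNED); }
size_t iac_unsigned_buf_signed_const(void)     /* 0: 255 is never equal to -1 */
{ return count_unsigned_buf(SAMPLE, sizeof SAMPLE, IAC_AS_SIGNED); }
size_t iac_signed_buf_unsigned_const(void)     /* 0: -1 is never equal to 255 */
{ return count_signed_buf((const signed char *)SAMPLE, sizeof SAMPLE, IAC_AS_UNSIGNED); }
size_t iac_signed_buf_signed_const(void)       /* 2: both sides compare as -1 */
{ return count_signed_buf((const signed char *)SAMPLE, sizeof SAMPLE, IAC_AS_SIGNED); }

int main(void)
{
    printf("unsigned buf: %zu / %zu\n", iac_unsigned_buf_unsigned_const(), iac_unsigned_buf_signed_const());
    printf("signed buf:   %zu / %zu\n", iac_signed_buf_unsigned_const(), iac_signed_buf_signed_const());
    return 0;
}
```

Declaring both the receive buffer and the command constants as unsigned char keeps every comparison in the 0 to 255 range, whatever the compiler's default for plain char.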