Harden opt for EOF and bad indicies.

author: Jason A. Donenfeld <Jason@zx2c4.com> 2012-07-26 18:37:06 +0200
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2012-07-26 18:37:39 +0200
commit: 6a84cfb165d1e23bdff47b08cf1b32811c840243 (patch)
tree: 929e6e8b66678ff00d23863f1f4d1d82d9955d2b
parent: Increase to 10 seconds. (diff)
download: telnet-password-honeypot-6a84cfb165d1e23bdff47b08cf1b32811c840243.tar.xz
telnet-password-honeypot-6a84cfb165d1e23bdff47b08cf1b32811c840243.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/honeypot.c b/honeypot.c
index f170ef2..6e5d0af 100644
--- a/honeypot.c
+++ b/honeypot.c
@@ -324,6 +324,8 @@ void negotiate_telnet()
 				case WONT:
 					/* Will / Won't Negotiation */
 					opt = getc(input);
+					if (opt < 0 || opt >= sizeof(telnet_willack))
+						_exit(EXIT_FAILURE);
 					if (!telnet_willack[opt])
 						/* We default to WONT */
 						telnet_willack[opt] = WONT;
@@ -339,6 +341,8 @@ void negotiate_telnet()
 				case DONT:
 					/* Do / Don't Negotiation */
 					opt = getc(input);
+					if (opt < 0 || opt >= sizeof(telnet_options))
+						_exit(EXIT_FAILURE);
 					if (!telnet_options[opt])
 						/* We default to DONT */
 						telnet_options[opt] = DONT;
author	Jason A. Donenfeld <Jason@zx2c4.com>	2012-07-26 18:37:06 +0200
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2012-07-26 18:37:39 +0200
commit	6a84cfb165d1e23bdff47b08cf1b32811c840243 (patch)
tree	929e6e8b66678ff00d23863f1f4d1d82d9955d2b
parent	Increase to 10 seconds. (diff)
download	telnet-password-honeypot-6a84cfb165d1e23bdff47b08cf1b32811c840243.tar.xz telnet-password-honeypot-6a84cfb165d1e23bdff47b08cf1b32811c840243.zip