
Crash when receiving large GMCP buffers

Open lorienhu opened this issue 2 years ago • 1 comments

Tintin is crashing due to memory protection/buffer overflow upon receiving GMCP data larger than BUFFER_SIZE, which seems to be defined in the Tintin source as 40000.

Neither the Telnet RFC nor the GMCP specification defines any maximum size for a single GMCP message, so there should probably be some handling for this.

lorienhu (May 05 '23 05:05)

One thing to be mindful of is to only call %1 once in the event, and it's an option to increase BUFFER_SIZE in tintin.h and recompile.

This is on my list of things to fix, but dynamic string handling in C is a bit of a challenge.

scandum (May 09 '23 07:05)
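
As an added illustration (not TinTin++ code and not written by either commenter): one way to collect a GMCP subnegotiation in C is a heap buffer that grows on demand and refuses messages above an explicit cap, rather than copying into a fixed `BUFFER_SIZE` array. The names `gmcp_buf`, `gmcp_push`, `gmcp_extract` and the 1 MiB `GMCP_MAX` cap are assumptions made for this example.

```c
#include <stdlib.h>

/* Telnet bytes from RFC 854/855; GMCP is telnet option 201. */
enum { IAC = 255, SB = 250, SE = 240, GMCP = 201 };
#define GMCP_MAX (1u << 20) /* assumed policy cap: 1 MiB per message */

struct gmcp_buf { unsigned char *data; size_t len, cap; };

/* Append one byte, doubling capacity up to GMCP_MAX (+1 for the NUL).
   Returns 0 on success, -1 if the cap is hit or realloc fails. */
static int gmcp_push(struct gmcp_buf *b, unsigned char c)
{
    if (b->len + 1 >= b->cap) {
        size_t ncap = b->cap ? b->cap * 2 : 256;
        unsigned char *p;
        if (ncap > GMCP_MAX + 1) ncap = GMCP_MAX + 1;
        if (b->len + 1 >= ncap) return -1; /* over the cap: refuse */
        if (!(p = realloc(b->data, ncap))) return -1;
        b->data = p;
        b->cap = ncap;
    }
    b->data[b->len++] = c;
    b->data[b->len] = '\0';
    return 0;
}

/* Copy the payload of the first IAC SB GMCP ... IAC SE found in in[0..n).
   Returns the payload length and sets *out (NUL-terminated, caller frees);
   -1 if no complete message is in this chunk, -2 if too large or no memory. */
long gmcp_extract(const unsigned char *in, size_t n, unsigned char **out)
{
    struct gmcp_buf b = { NULL, 0, 0 };
    size_t i = 0;

    *out = NULL;
    while (i + 2 < n && !(in[i] == IAC && in[i + 1] == SB && in[i + 2] == GMCP))
        i++;
    for (i += 3; i + 1 < n; i++) {
        if (in[i] == IAC && in[i + 1] == SE) {     /* end of subnegotiation */
            if (!b.data && !(b.data = calloc(1, 1))) return -2;
            *out = b.data;
            return (long)b.len;
        }
        if (in[i] == IAC && in[i + 1] == IAC) i++; /* IAC IAC is a literal 0xFF */
        if (gmcp_push(&b, in[i]) != 0) { free(b.data); return -2; }
    }
    free(b.data);
    return -1; /* header or terminating IAC SE not seen yet */
}
```

A return of -1 lets the caller keep the unread bytes and retry once more data arrives; -2 is the point at which a client can drop the message or the connection instead of writing past a buffer.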