gdb server: Fix buffer overrun - sprintf appends a terminating null to the data which...
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007-2010 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * This program is free software; you can redistribute it and/or modify *
12 * it under the terms of the GNU General Public License as published by *
13 * the Free Software Foundation; either version 2 of the License, or *
14 * (at your option) any later version. *
15 * *
16 * This program is distributed in the hope that it will be useful, *
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
19 * GNU General Public License for more details. *
20 * *
21 * You should have received a copy of the GNU General Public License *
22 * along with this program; if not, write to the *
23 * Free Software Foundation, Inc., *
24 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 ***************************************************************************/
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
31 #include "telnet_server.h"
32 #include <target/target_request.h>
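/* Port specification for the telnet service. In this file it is set to
 * "4444" by telnet_register_commands(), handed to server_pipe_command by the
 * telnet_port command, compared against "disabled" and passed to
 * add_service() in telnet_init(). */
static const char *telnet_port;

/* Option negotiation sent once per new connection. The bytes are only ever
 * read (strlen + telnet_write), so the pointer is const-qualified. */
static const char *negotiate =
	"\xFF\xFB\x03"			/* IAC WILL Suppress Go Ahead */
	"\xFF\xFB\x01"			/* IAC WILL Echo */
	"\xFF\xFD\x03"			/* IAC DO Suppress Go Ahead */
	"\xFF\xFE\x01";			/* IAC DON'T Echo */

/* Control-key code for an upper-case letter, e.g. CTRL('B') == 0x02.
 * The argument is parenthesized so that an expression argument is evaluated
 * as a whole before the subtraction. */
#define CTRL(c) ((c) - '@')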
/* The only way we can detect that the socket is closed is the first time
 * we write to it, we will fail. Subsequent write operations will
 * succeed. Shudder!
 *
 * For that reason the first short or failed write is latched in
 * t_con->closed, and every later call reports the connection as closed
 * without touching the socket again.
 *
 * Returns ERROR_OK when connection_write() accepted exactly len bytes,
 * ERROR_SERVER_REMOTE_CLOSED otherwise.
 */
static int telnet_write(struct connection *connection, const void *data,
		int len)
{
	struct telnet_connection *t_con = connection->priv;

	if (!t_con->closed) {
		if (connection_write(connection, data, len) == len)
			return ERROR_OK;

		/* remember the failure; see the note above */
		t_con->closed = 1;
	}

	return ERROR_SERVER_REMOTE_CLOSED;
}
/* Send the connection's prompt string to the client.
 * Returns whatever telnet_write() returns for that write. */
static int telnet_prompt(struct connection *connection)
{
	const struct telnet_connection *t_con = connection->priv;
	const char *prompt = t_con->prompt;

	return telnet_write(connection, prompt, strlen(prompt));
}
/* Write a possibly multi-line string to the client, sending "\r\n" in place
 * of every '\n'. A trailing piece without '\n' is sent as-is.
 * Write failures are not propagated: the function always returns ERROR_OK. */
static int telnet_outputline(struct connection *connection, const char *line)
{
	const char *cursor = line;

	/* process lines in buffer */
	while (*cursor != '\0') {
		char *newline = strchr(cursor, '\n');
		int chunk = newline ? (int)(newline - cursor) : (int)strlen(cursor);

		telnet_write(connection, cursor, chunk);
		cursor += chunk;

		if (newline) {
			telnet_write(connection, "\r\n", 2);
			cursor++;	/* step over the '\n' that was just translated */
		}
	}

	return ERROR_OK;
}
/* Output handler installed by telnet_new_connection(): the handler's private
 * pointer is the connection, and the text is forwarded to
 * telnet_outputline(). */
static int telnet_output(struct command_context *cmd_ctx, const char *line)
{
	return telnet_outputline(cmd_ctx->output_handler_priv, line);
}
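/* Log callback registered per connection (priv is the struct connection).
 *
 * While a command runs (line_cursor < 0) the message is printed directly.
 * Otherwise the prompt and the line being edited are erased, the message is
 * printed, and prompt, line and cursor position are redrawn.
 *
 * file, line and function are not used here.
 */
static void telnet_log_callback(void *priv, const char *file, unsigned line,
		const char *function, const char *string)
{
	/* Erase buffers. Each telnet_write() below sends at most
	 * sizeof(buffer) - 1 bytes from them, so the length argument can never
	 * exceed the literal. The page shows the space literal as a single
	 * space while up to 16 bytes of it were written; it is restored to 16
	 * spaces here (the listing's whitespace looks collapsed). */
	static const char backspaces[] = "\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b";
	static const char spaces[] = "                ";
	const int bs_chunk = (int)(sizeof(backspaces) - 1);
	const int sp_chunk = (int)(sizeof(spaces) - 1);

	struct connection *connection = priv;
	struct telnet_connection *t_con = connection->priv;
	int i;

	/* if there is no prompt, simply output the message */
	if (t_con->line_cursor < 0) {
		telnet_outputline(connection, string);
		return;
	}

	/* clear the command line: back up, blank out, back up again */
	for (i = strlen(t_con->prompt) + t_con->line_size; i > 0; i -= bs_chunk)
		telnet_write(connection, backspaces, i > bs_chunk ? bs_chunk : i);
	for (i = strlen(t_con->prompt) + t_con->line_size; i > 0; i -= sp_chunk)
		telnet_write(connection, spaces, i > sp_chunk ? sp_chunk : i);
	for (i = strlen(t_con->prompt) + t_con->line_size; i > 0; i -= bs_chunk)
		telnet_write(connection, backspaces, i > bs_chunk ? bs_chunk : i);

	/* output the message */
	telnet_outputline(connection, string);

	/* put the command line to its previous state */
	telnet_prompt(connection);
	telnet_write(connection, t_con->line, t_con->line_size);
	for (i = t_con->line_size; i > t_con->line_cursor; i--)
		telnet_write(connection, "\b", 1);
}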
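/* Set up the per-connection telnet state for a freshly accepted connection.
 *
 * Allocates the struct telnet_connection, installs the output handler, sends
 * the option negotiation, the optional banner and the first prompt, and
 * registers the log callback.
 *
 * Returns ERROR_OK on success, or ERROR_FAIL when memory cannot be allocated;
 * in that case connection->priv is left NULL and nothing is registered.
 */
static int telnet_new_connection(struct connection *connection)
{
	struct telnet_service *telnet_service = connection->service->priv;
	struct telnet_connection *telnet_connection = malloc(sizeof(*telnet_connection));
	int i;

	/* the allocation result was previously dereferenced unchecked */
	if (telnet_connection == NULL) {
		connection->priv = NULL;
		LOG_ERROR("Failed to allocate telnet connection.");
		return ERROR_FAIL;
	}

	/* telnet_prompt() calls strlen() on the prompt, so it must not be NULL */
	telnet_connection->prompt = strdup("> ");
	if (telnet_connection->prompt == NULL) {
		free(telnet_connection);
		connection->priv = NULL;
		LOG_ERROR("Failed to allocate telnet prompt.");
		return ERROR_FAIL;
	}

	connection->priv = telnet_connection;

	/* initialize telnet connection information */
	telnet_connection->closed = 0;
	telnet_connection->line_size = 0;
	telnet_connection->line_cursor = 0;
	telnet_connection->option_size = 0;
	telnet_connection->state = TELNET_STATE_DATA;

	/* initialize history before anything can read it */
	for (i = 0; i < TELNET_LINE_HISTORY_SIZE; i++)
		telnet_connection->history[i] = NULL;
	telnet_connection->next_history = 0;
	telnet_connection->current_history = 0;

	/* output goes through telnet connection */
	command_set_output_handler(connection->cmd_ctx, telnet_output, connection);

	/* negotiate telnet options */
	telnet_write(connection, negotiate, strlen(negotiate));

	/* print connection banner */
	if (telnet_service->banner) {
		telnet_write(connection, telnet_service->banner, strlen(telnet_service->banner));
		telnet_write(connection, "\r\n", 2);
	}

	/* the prompt is always placed at the line beginning */
	telnet_write(connection, "\r", 1);
	telnet_prompt(connection);

	log_add_callback(telnet_log_callback, connection);

	return ERROR_OK;
}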
/* Erase the line being edited, both on the client's terminal and in t_con:
 * afterwards line_size and line_cursor are 0. */
static void telnet_clear_line(struct connection *connection,
		struct telnet_connection *t_con)
{
	/* move to end of line by re-sending the text right of the cursor */
	if (t_con->line_cursor < t_con->line_size) {
		telnet_write(connection,
			t_con->line + t_con->line_cursor,
			t_con->line_size - t_con->line_cursor);
	}

	/* one "backspace, overwrite with space, backspace" per character */
	for (; t_con->line_size > 0; t_con->line_size--)
		telnet_write(connection, "\b \b", 3);

	t_con->line_cursor = 0;
}
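/* Read what the client sent and run it through the telnet/line-editor state
 * machine kept in t_con->state.
 *
 * - TELNET_STATE_DATA: printable bytes are inserted into t_con->line (echoed
 *   back), control bytes edit the line, CR/LF terminates it and passes it to
 *   command_run_line().
 * - TELNET_STATE_IAC and the WILL/WONT/DO/DONT states swallow option
 *   negotiation bytes.
 * - TELNET_STATE_ESCAPE handles the "ESC [ x" cursor keys and "ESC [ 3 ~".
 *
 * All bytes come from the remote peer. The line buffer is protected by the
 * single size check in the printable-character branch, which keeps
 * line_size <= TELNET_LINE_MAX_SIZE-1 so the terminator always fits.
 *
 * Returns ERROR_OK, or ERROR_SERVER_REMOTE_CLOSED when the read fails, the
 * peer closed the connection, a command asked for the connection to be
 * closed, or the prompt could not be written.
 */
static int telnet_input(struct connection *connection)
{
	int bytes_read;
	unsigned char buffer[TELNET_BUFFER_SIZE];
	unsigned char *buf_p;
	struct telnet_connection *t_con = connection->priv;
	struct command_context *command_context = connection->cmd_ctx;

	bytes_read = connection_read(connection, buffer, TELNET_BUFFER_SIZE);

	if (bytes_read == 0)
		return ERROR_SERVER_REMOTE_CLOSED;
	else if (bytes_read < 0) {
		/* any negative count is an error: the loop below runs until
		 * bytes_read reaches zero, so a negative value must never get
		 * there (the check used to match -1 only) */
		LOG_ERROR("error during read: %s", strerror(errno));
		return ERROR_SERVER_REMOTE_CLOSED;
	}

	buf_p = buffer;
	while (bytes_read) {
		switch (t_con->state) {
			case TELNET_STATE_DATA:
				if (*buf_p == 0xff)
					t_con->state = TELNET_STATE_IAC;
				else {
					if (isprint(*buf_p)) {	/* printable character */
						/* watch buffer size leaving one spare character for
						 * string null termination */
						if (t_con->line_size == TELNET_LINE_MAX_SIZE-1) {
							/* output audible bell if buffer is full
							 * "\a" does not work, at least on windows */
							telnet_write(connection, "\x07", 1);
						} else if (t_con->line_cursor == t_con->line_size) {
							/* append at the end of the line and echo */
							telnet_write(connection, buf_p, 1);
							t_con->line[t_con->line_size++] = *buf_p;
							t_con->line_cursor++;
						} else {
							/* insert in the middle: shift the tail right,
							 * redraw it, then move the cursor back */
							int i;
							memmove(t_con->line + t_con->line_cursor + 1,
								t_con->line + t_con->line_cursor,
								t_con->line_size - t_con->line_cursor);
							t_con->line[t_con->line_cursor] = *buf_p;
							t_con->line_size++;
							telnet_write(connection,
								t_con->line + t_con->line_cursor,
								t_con->line_size - t_con->line_cursor);
							t_con->line_cursor++;
							for (i = t_con->line_cursor; i < t_con->line_size; i++)
								telnet_write(connection, "\b", 1);
						}
					} else {	/* non-printable */
						if (*buf_p == 0x1b) {	/* escape */
							t_con->state = TELNET_STATE_ESCAPE;
							t_con->last_escape = '\x00';
						} else if ((*buf_p == 0xd) || (*buf_p == 0xa)) {	/* CR/LF */
							int retval;

							/* skip over combinations with CR/LF and NUL characters */
							if ((bytes_read > 1) && ((*(buf_p + 1) == 0xa) ||
									(*(buf_p + 1) == 0xd))) {
								buf_p++;
								bytes_read--;
							}
							if ((bytes_read > 1) && (*(buf_p + 1) == 0)) {
								buf_p++;
								bytes_read--;
							}
							t_con->line[t_con->line_size] = 0;

							telnet_write(connection, "\r\n\x00", 3);

							if (strcmp(t_con->line, "history") == 0) {
								int i;
								for (i = 1; i < TELNET_LINE_HISTORY_SIZE; i++) {
									/* the t_con->next_history line contains empty string
									 * (unless NULL), thus it is not printed */
									char *history_line = t_con->history[(t_con->
											next_history + i) %
											TELNET_LINE_HISTORY_SIZE];
									if (history_line) {
										telnet_write(connection, history_line,
											strlen(history_line));
										telnet_write(connection, "\r\n\x00", 3);
									}
								}
								t_con->line_size = 0;
								t_con->line_cursor = 0;
								/* NOTE(review): this continue skips the
								 * bytes_read--/buf_p++ at the bottom of the
								 * loop, so the current byte is dispatched a
								 * second time with an empty line - confirm
								 * that this is intended */
								continue;
							}

							/* save only non-blank not repeating lines in the history */
							char *prev_line = t_con->history[(t_con->current_history > 0) ?
									t_con->current_history - 1 : TELNET_LINE_HISTORY_SIZE-1];
							if (*t_con->line && (prev_line == NULL ||
									strcmp(t_con->line, prev_line))) {
								/* if the history slot is already taken, free it */
								if (t_con->history[t_con->next_history])
									free(t_con->history[t_con->next_history]);

								/* add line to history */
								t_con->history[t_con->next_history] = strdup(t_con->line);

								/* wrap history at TELNET_LINE_HISTORY_SIZE */
								t_con->next_history = (t_con->next_history + 1) %
										TELNET_LINE_HISTORY_SIZE;

								/* current history line starts at the new entry */
								t_con->current_history =
										t_con->next_history;

								if (t_con->history[t_con->current_history])
									free(t_con->history[t_con->current_history]);
								t_con->history[t_con->current_history] = strdup("");
							}

							t_con->line_size = 0;

							/* to suppress prompt in log callback during command execution */
							t_con->line_cursor = -1;

							/* the line typed by the remote peer is executed as a command */
							retval = command_run_line(command_context, t_con->line);

							t_con->line_cursor = 0;

							if (retval == ERROR_COMMAND_CLOSE_CONNECTION)
								return ERROR_SERVER_REMOTE_CLOSED;

							/* the prompt is always placed at the line beginning */
							telnet_write(connection, "\r", 1);

							retval = telnet_prompt(connection);
							if (retval == ERROR_SERVER_REMOTE_CLOSED)
								return ERROR_SERVER_REMOTE_CLOSED;

						} else if ((*buf_p == 0x7f) || (*buf_p == 0x8)) {	/* delete character */
							if (t_con->line_cursor > 0) {
								if (t_con->line_cursor != t_con->line_size) {
									/* delete left of the cursor inside the line:
									 * shift the tail left and redraw it */
									int i;
									telnet_write(connection, "\b", 1);
									t_con->line_cursor--;
									t_con->line_size--;
									memmove(t_con->line + t_con->line_cursor,
										t_con->line + t_con->line_cursor + 1,
										t_con->line_size -
										t_con->line_cursor);

									telnet_write(connection,
										t_con->line + t_con->line_cursor,
										t_con->line_size -
										t_con->line_cursor);
									telnet_write(connection, " \b", 2);
									for (i = t_con->line_cursor; i < t_con->line_size; i++)
										telnet_write(connection, "\b", 1);
								} else {
									t_con->line_size--;
									t_con->line_cursor--;
									/* back space: move the 'printer' head one char
									 * back, overwrite with space, move back again */
									telnet_write(connection, "\b \b", 3);
								}
							}
						} else if (*buf_p == 0x15)	/* clear line */
							telnet_clear_line(connection, t_con);
						else if (*buf_p == CTRL('B')) {	/* cursor left */
							if (t_con->line_cursor > 0) {
								telnet_write(connection, "\b", 1);
								t_con->line_cursor--;
							}
							t_con->state = TELNET_STATE_DATA;
						} else if (*buf_p == CTRL('F')) {	/* cursor right */
							if (t_con->line_cursor < t_con->line_size)
								telnet_write(connection, t_con->line + t_con->line_cursor++, 1);
							t_con->state = TELNET_STATE_DATA;
						} else
							LOG_DEBUG("unhandled nonprintable: %2.2x", *buf_p);
					}
				}
				break;
			case TELNET_STATE_IAC:
				/* NOTE(review): there is no default case, so any byte
				 * other than 0xfb..0xfe leaves the state at
				 * TELNET_STATE_IAC and later bytes keep being read as
				 * command bytes - confirm whether other telnet commands
				 * should return to TELNET_STATE_DATA */
				switch (*buf_p) {
					case 0xfe:
						t_con->state = TELNET_STATE_DONT;
						break;
					case 0xfd:
						t_con->state = TELNET_STATE_DO;
						break;
					case 0xfc:
						t_con->state = TELNET_STATE_WONT;
						break;
					case 0xfb:
						t_con->state = TELNET_STATE_WILL;
						break;
				}
				break;
			case TELNET_STATE_SB:
				break;
			case TELNET_STATE_SE:
				break;
			case TELNET_STATE_WILL:
			case TELNET_STATE_WONT:
			case TELNET_STATE_DO:
			case TELNET_STATE_DONT:
				/* the option byte itself is ignored */
				t_con->state = TELNET_STATE_DATA;
				break;
			case TELNET_STATE_ESCAPE:
				if (t_con->last_escape == '[') {
					if (*buf_p == 'D') {	/* cursor left */
						if (t_con->line_cursor > 0) {
							telnet_write(connection, "\b", 1);
							t_con->line_cursor--;
						}
						t_con->state = TELNET_STATE_DATA;
					} else if (*buf_p == 'C') {	/* cursor right */
						if (t_con->line_cursor < t_con->line_size)
							telnet_write(connection,
								t_con->line + t_con->line_cursor++, 1);
						t_con->state = TELNET_STATE_DATA;
					} else if (*buf_p == 'A') {	/* cursor up */
						int last_history = (t_con->current_history > 0) ?
								t_con->current_history - 1 : TELNET_LINE_HISTORY_SIZE-1;
						if (t_con->history[last_history]) {
							/* history entries are copies of earlier lines,
							 * which were limited by the size check in the
							 * printable-character branch */
							telnet_clear_line(connection, t_con);
							t_con->line_size = strlen(t_con->history[last_history]);
							t_con->line_cursor = t_con->line_size;
							memcpy(t_con->line, t_con->history[last_history], t_con->line_size);
							telnet_write(connection, t_con->line, t_con->line_size);
							t_con->current_history = last_history;
						}
						t_con->state = TELNET_STATE_DATA;
					} else if (*buf_p == 'B') {	/* cursor down */
						int next_history = (t_con->current_history + 1) % TELNET_LINE_HISTORY_SIZE;
						if (t_con->history[next_history]) {
							telnet_clear_line(connection, t_con);
							t_con->line_size = strlen(t_con->history[next_history]);
							t_con->line_cursor = t_con->line_size;
							memcpy(t_con->line, t_con->history[next_history], t_con->line_size);
							telnet_write(connection, t_con->line, t_con->line_size);
							t_con->current_history = next_history;
						}
						t_con->state = TELNET_STATE_DATA;
					} else if (*buf_p == '3')
						t_con->last_escape = *buf_p;
					else
						t_con->state = TELNET_STATE_DATA;
				} else if (t_con->last_escape == '3') {
					/* Remove character */
					if (*buf_p == '~') {
						if (t_con->line_cursor < t_con->line_size) {
							int i;
							t_con->line_size--;
							/* remove char from line buffer */
							memmove(t_con->line + t_con->line_cursor,
								t_con->line + t_con->line_cursor + 1,
								t_con->line_size - t_con->line_cursor);

							/* print remainder of buffer */
							telnet_write(connection, t_con->line + t_con->line_cursor,
								t_con->line_size - t_con->line_cursor);
							/* overwrite last char with whitespace */
							telnet_write(connection, " \b", 2);

							/* move back to cursor position */
							for (i = t_con->line_cursor; i < t_con->line_size; i++)
								telnet_write(connection, "\b", 1);
						}

						t_con->state = TELNET_STATE_DATA;
					} else
						t_con->state = TELNET_STATE_DATA;
				} else if (t_con->last_escape == '\x00') {
					if (*buf_p == '[')
						t_con->last_escape = *buf_p;
					else
						t_con->state = TELNET_STATE_DATA;
				} else {
					LOG_ERROR("BUG: unexpected value in t_con->last_escape");
					t_con->state = TELNET_STATE_DATA;
				}

				break;
			default:
				LOG_ERROR("unknown telnet state");
				exit(-1);
		}

		bytes_read--;
		buf_p++;
	}

	return ERROR_OK;
}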
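/* Tear down the telnet state of a connection: unregister the log callback,
 * free the prompt, the history lines and the struct telnet_connection, and
 * delete the connection's debug-message receiver.
 *
 * A NULL connection->priv is reported as a bug but tolerated. The NULL test
 * used to come after t_con had already been dereferenced, so it is now made
 * before the first access.
 *
 * Always returns ERROR_OK.
 */
static int telnet_connection_closed(struct connection *connection)
{
	struct telnet_connection *t_con = connection->priv;
	int i;

	log_remove_callback(telnet_log_callback, connection);

	if (t_con != NULL) {
		/* free(NULL) is a no-op, so the members need no separate test */
		free(t_con->prompt);
		t_con->prompt = NULL;

		for (i = 0; i < TELNET_LINE_HISTORY_SIZE; i++) {
			free(t_con->history[i]);
			t_con->history[i] = NULL;
		}
	}

	/* if this connection registered a debug-message receiver delete it */
	delete_debug_msg_receiver(connection->cmd_ctx, NULL);

	if (t_con != NULL) {
		free(t_con);
		connection->priv = NULL;
	} else
		LOG_ERROR("BUG: connection->priv == NULL");

	return ERROR_OK;
}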
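/* Register the telnet service on telnet_port unless the port is set to
 * "disabled".
 *
 * banner is stored by pointer in the service and printed to every new
 * connection, so it has to stay valid while the service exists.
 *
 * No authentication step is visible in this file: each accepted connection
 * goes straight to a prompt whose lines are executed by command_run_line().
 * Who can reach the port is decided outside this file (add_service and the
 * port configuration); treat access to it as access to the command
 * interpreter.
 *
 * Returns ERROR_OK when the server is disabled, ERROR_FAIL when the service
 * structure cannot be allocated, otherwise the result of add_service().
 */
int telnet_init(char *banner)
{
	if (strcmp(telnet_port, "disabled") == 0) {
		LOG_INFO("telnet server disabled");
		return ERROR_OK;
	}

	struct telnet_service *telnet_service = malloc(sizeof(*telnet_service));

	/* the allocation result was previously dereferenced unchecked */
	if (telnet_service == NULL) {
		LOG_ERROR("Failed to allocate telnet service.");
		return ERROR_FAIL;
	}

	telnet_service->banner = banner;

	return add_service("telnet",
		telnet_port,
		/* NOTE(review): the listing skips file line 525 at this point
		 * (gutter goes 524 -> 526); if an argument stood there, restore
		 * it from the original file */
		telnet_new_connection,
		telnet_input,
		telnet_connection_closed,
		telnet_service);
}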
/* daemon configuration command telnet_port: delegates to
 * server_pipe_command, passing the address of the file-scope telnet_port
 * pointer */
COMMAND_HANDLER(handle_telnet_port_command)
{
	int retval = CALL_COMMAND_HANDLER(server_pipe_command, &telnet_port);

	return retval;
}
/* "exit" command: returns ERROR_COMMAND_CLOSE_CONNECTION, which telnet_input()
 * turns into ERROR_SERVER_REMOTE_CLOSED after command_run_line() */
COMMAND_HANDLER(handle_exit_command)
{
	return ERROR_COMMAND_CLOSE_CONNECTION;
}
/* Commands registered by telnet_register_commands(): "exit" (COMMAND_EXEC)
 * and "telnet_port" (COMMAND_ANY). */
static const struct command_registration telnet_command_handlers[] = {
	{
		.name = "exit",
		.mode = COMMAND_EXEC,
		.handler = handle_exit_command,
		.help = "exit telnet session",
		.usage = "",
	},
	{
		.name = "telnet_port",
		.mode = COMMAND_ANY,
		.handler = handle_telnet_port_command,
		.usage = "[port_num]",
		.help = "Specify port on which to listen "
			"for incoming telnet connections.  "
			"Read help on 'gdb_port'.",
	},
	COMMAND_REGISTRATION_DONE
};
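/* Set the default telnet port ("4444") and register the telnet commands.
 *
 * Returns ERROR_FAIL when the port string cannot be allocated; otherwise
 * the result of register_commands(). The check matters because
 * telnet_init() passes telnet_port to strcmp() without a NULL test.
 */
int telnet_register_commands(struct command_context *cmd_ctx)
{
	telnet_port = strdup("4444");
	if (telnet_port == NULL) {
		LOG_ERROR("Failed to allocate telnet port string.");
		return ERROR_FAIL;
	}

	return register_commands(cmd_ctx, NULL, telnet_command_handlers);
}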