• src/sbbs3/writemsg.cpp

    From Rob Swindell@VERT to Git commit to main/sbbs/master on Sun Apr 25 19:36:21 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/1139cfe5ab831096a0b94cef
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    Fix double close (fnopen doesn't leave the descriptor open)

    Fixes CID 33724.

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Tue Aug 17 23:49:55 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/4d01818374e0bb40b1fa15ba
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    When writing/reading quotes.txt, ignore first 2 lines if WWIV-type

    WWIV writes 2 lines of metadata to the beginning of its quotes.txt file created for external message editors. Its not clear yet what these lines should contain, but the first line apparently should contain a '#' character since BREdit checks for this character before deciding to throw-away/ignore these lines (don't use them for quoted text). Thanks mlong for this tip!

    So if the external editor is set to "WWIV CHAIN.TXT" in SCFG (even if the door doesn't need/use it), then the quotes.txt file created by Synchronet will contain the extra 2 lines. We're just writing a # to the first line and the second line is blank.

    This fixes reported issue #188.

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Wed Mar 2 13:25:51 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/b47b97c2602bdd784b0f63dc
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    Detect smb_[f]allocdat() failure in editmsg()

    CID 319091

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Wed Mar 2 18:14:50 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/bb18309c7f0cde12745b44ff
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    Fix CID 33239: Argument cannot be negative

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sun Mar 13 00:18:52 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/da406c0a793ce998e982dd88
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    Fix CID 33235: Argument cannot be negative

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sun Jul 3 15:55:50 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/2db618ae2da445cf21a420c5
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    Fix smb.subnum corruption in writemsg()

    Fix issue introduced 9 years ago that could cause a crash after replying to a post via email or netmail and then displaying the header of a poll message or a normal message with votes:

    Program terminated with signal SIGSEGV, Segmentation fault.
    #0 0x00007f9f9569a317 in sbbs_t::show_msg (this=0x7f9f70c56880,
    smb=0x7f9f70c5e4e0, msg=0x7f9ebadf08b0, p_mode=4, post=0x7f9f18071a24)
    at getmsg.cpp:255
    255 ,cfg.sub[smb->subnum]->misc&SUB_ NAME ? useron.name : useron.alias, NET_NONE, NULL);
    [Current thread is 1 (Thread 0x7f9ebadf3700 (LWP 23279))]
    (gdb) print smb->subnum
    $1 = 4294967295
    (gdb) bt
    #0 0x00007f9f9569a317 in sbbs_t::show_msg (this=0x7f9f70c56880,
    smb=0x7f9f70c5e4e0, msg=0x7f9ebadf08b0, p_mode=4, post=0x7f9f18071a24)
    at getmsg.cpp:255
    #1 0x00007f9f957b2aee in sbbs_t::scanposts (this=0x7f9f70c56880, subnum=9,
    mode=2, find=0x7f9ebadf1270 "") at readmsgs.cpp:670
    #2 0x00007f9f957bb75a in sbbs_t::scanallsubs (this=0x7f9f70c56880, mode=2)
    at scansubs.cpp:219
    #3 0x00007f9f9568c948 in sbbs_t::exec_msg (this=0x7f9f70c56880,
    csi=0x7f9f70c64768) at execmsg.cpp:315
    #4 0x00007f9f95683129 in sbbs_t::exec_function (this=0x7f9f70c56880,
    csi=0x7f9f70c64768) at execfunc.cpp:422
    #5 0x00007f9f95679450 in sbbs_t::exec (this=0x7f9f70c56880,
    csi=0x7f9f70c64768) at exec.cpp:1199
    #6 0x00007f9f9577d742 in node_thread (arg=0x7f9f70c56880) at main.cpp:4364

    writemsg() was changing the global smb.subnum and when writing an email or netmail, that subnum value is -1 (since it's not a sub-board) and then later show_msg() is using the smb.subnum as a index into scfg.sub[] when determining if the current user already voted on the message being displayed and then: bang, crash, fall down, go boom.

    Simply saving and restoring the smb.subnum when executing an external editor is all that was needed here. And this is the first use of the C++ "auto" keyword in Synchronet!

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Tue Feb 7 18:11:57 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/208cc78b54ac851645e8cbd1
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    Don't save draft messages upon disconnect for Guest or "no one" (user #0)

    Fix issue #508

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows)@VERT to Git commit to main/sbbs/master on Thu Apr 13 18:45:54 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/ff3864002e9a51e98b1c83f5
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    Bounds-check the buffer being written in msgeditor()

    Replace the suspicious strcpy/strcat's in msgeditor(), the built-in line editor, with bounds-enforced snprintf() calls.
    Also, properly define MAX_LINE_LEN to account for the trailing \r\n on each line. It appears we've been under allocating the total possible message buffer size (by 2 bytes per line) for a while now.
    These 2 changes together should fix issue #547: apparent heap corruption due
    to 'buf' overflow in msgeditor().
    Also added a line count check/cap-enforcement with logged error message if exceeded (should never happen).

    Also fixed in this commit: off-by-one when enforcing max message length in msgeditor().

    Also added checks that the 'cols' (used in MAX_LINE_LEN) are reasonable values (40+), 2 was below the threshold of what would be expected to work since
    there is logic that deducts 4 from cols, for example.

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows)@VERT to Git commit to main/sbbs/master on Thu Apr 13 18:45:54 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/2d9f8a32c55c82016b13d0a1
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    When writing messages with a 'top' in raw-input-mode, don't add excessive CRLF

    If the top already ends in a blank line, no additional CRLF is warranted (between the 'top' and the raw-input message 'body').

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Thu Apr 13 18:47:22 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/84527be03f4d728bafe58f10
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    Fix new GCC warning in printf format string.

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows)@VERT to Git commit to main/sbbs/master on Fri Apr 14 20:37:52 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/4f9a8b209a160d8fac1fc4a3
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    Address a couple of Coverity-reported defects

    CID 452331
    CID 452330

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net