• src/syncterm/bbslist.c

  • From Deuce@1:103/705 to Git commit to main/sbbs/master on Sun Feb 22 09:41:31 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/37040a2302385f7970938906
    Modified Files:
    src/syncterm/bbslist.c
    Log Message:
    Don't use strnicmp() with length of zero because Win32 is stupid.

    May fix tickets 224, 220, and 217.
    I need to boot Windows somewhere and test.
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deuce@1:103/705 to Git commit to main/sbbs/master on Mon Feb 23 11:23:15 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/19d9da43ee78d3fe989c8e6f
    Modified Files:
    src/syncterm/bbslist.c
    Log Message:
    Fix Custom Screen Mode Program Setting

    Was not shown in menu.
  • From Deuce@1:103/705 to Git commit to main/sbbs/master on Sun Mar 15 01:06:05 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/75cc9b15e717d6cf77dc90b0
    Modified Files:
    src/syncterm/bbslist.c
    Log Message:
    Fix stack buffer overflows in bbslist.c build_edit_list()

    The opt[][69] array has 69-byte elements, but several sprintf() calls
    could write past that:

    - "Address %s" with item->addr (LIST_ADDR_MAX=64, +18 = 83)
    - "Phone Number %s", "Device Name %s", etc. (same field)
    - "GHost Program %s" with item->password (MAX_PASSWD_LEN=128, +18 = 147)
    - "BBS Username %s" with item->password (same)
    - "Font %s" with item->font (80 bytes, +18 = 98)

    Changed these to snprintf(opt[i++], sizeof(opt[0]), ...) to truncate
    instead of overflowing. Other sprintf() calls in the same function
    already used printf_trunc() or format short bounded values (Yes/No,
    small ints, "********") and are not affected.

    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
  • From Deuce@1:103/705 to Git commit to main/sbbs/master on Sun Mar 15 01:06:05 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/d89bbbce2b372e8259d40fbc
    Modified Files:
    src/syncterm/bbslist.c
    Log Message:
    Clamp ANSIMusic value read from BBS list files

    entry->music was read with iniGetInteger() and used unchecked as an
    index into music_names[] (a 3-element array) in build_edit_list().
    A malicious web-hosted syncterm.lst could set ANSIMusic=999 and
    cause an out-of-bounds read, likely crashing when sprintf() tries
    to dereference the wild pointer.

    Clamp to the valid range [CTERM_MUSIC_SYNCTERM..CTERM_MUSIC_ENABLED]
    after reading, defaulting back to CTERM_MUSIC_BANSI on bad values.

    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
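
The two hardening patterns described in the last two commit messages (bounded formatting into 69-byte menu rows, and clamping an index read from a list file before it is used), as an added C example. This is not SyncTERM's code: the `ex_`/`EX_` names, the numeric enum values, the name strings and the `%-18s` label layout are assumptions, and the hostile entry is constructed.

```c
#include <stdio.h>
#include <string.h>

#define OPT_LEN 69 /* row size of opt[][69], taken from the commit message */

/* Assumed values and constructed names; the page only states a 3-entry range. */
enum { EX_MUSIC_SYNCTERM = 0, EX_MUSIC_BANSI = 1, EX_MUSIC_ENABLED = 2 };
static const char *ex_music_names[] = { "syncterm", "bansi", "enabled" };
static char ex_opt[3][OPT_LEN]; /* menu rows, as in build_edit_list() */

/* Validate an integer read from an untrusted list file before indexing with it. */
int ex_clamp_music(long raw)
{
    if (raw < EX_MUSIC_SYNCTERM || raw > EX_MUSIC_ENABLED)
        return EX_MUSIC_BANSI; /* fall back to the default on bad values */
    return (int)raw;
}

/* Format one row with a hard bound; returns 1 if the value was truncated. */
int ex_format_opt(char *row, size_t len, const char *label, const char *value)
{
    int n = snprintf(row, len, "%-18s%s", label, value);
    return n < 0 || (size_t)n >= len;
}

/* Build the rows from a constructed hostile entry: a 128-character string
 * field and ANSIMusic=999. Returns how many rows were truncated. */
int ex_build_hostile_rows(void)
{
    char field[129];
    int truncated = 0;

    memset(field, 'A', sizeof(field) - 1);
    field[sizeof(field) - 1] = '\0';
    truncated += ex_format_opt(ex_opt[0], sizeof(ex_opt[0]), "Address", field);
    truncated += ex_format_opt(ex_opt[1], sizeof(ex_opt[0]), "Font", field);
    truncated += ex_format_opt(ex_opt[2], sizeof(ex_opt[0]), "ANSI Music",
                               ex_music_names[ex_clamp_music(999)]);
    return truncated;
}

int main(void)
{
    int truncated = ex_build_hostile_rows();
    for (int i = 0; i < 3; i++)
        printf("%2zu bytes: %s\n", strlen(ex_opt[i]), ex_opt[i]);
    printf("truncated rows: %d\n", truncated);
    return 0;
}
```

Checking snprintf()'s return value against the row size is what lets a caller notice truncation instead of silently showing a shortened field.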