1. Forum
  2. FidoNet Int
  3. sync programming

  • src/syncterm/ripper.c

    From Deucе@1:103/705 to Git commit to main/sbbs/master on Sun Feb 22 11:38:19 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/f73b6e394587333ffd76521c
    Modified Files:
    src/syncterm/ripper.c
    Log Message:
    Parse RIP_NO_MORE in RIP_STATE_PIPE, not RIP_STATE_CMD

    This will likely screw up on !|0#, but hopefully nobody has ever done
    that.

    Fixes ticket 218
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Mon Feb 23 16:17:52 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/27e6a20fa2b8661b46668d88
    Modified Files:
    src/syncterm/ripper.c
    Log Message:
    Fix new potential RIP crash

    Would potentially use a negative length after a |#
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Sun Mar 15 01:06:05 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/bb2238f684befe43deb34cea
    Modified Files:
    src/syncterm/ripper.c
    Log Message:
    Fix heap buffer overflows in ripper.c RIPscrip command handling

    Four strcat() calls append RIPscrip arguments (from the remote server)
    to cache_path[MAX_PATH+1] without checking whether the result fits.
    The path-traversal guards reject "..", "/", and "\" but do not limit
    length. A long filename from a malicious RIPscrip server overflows
    the buffer.

    Changed to strlcat(cache_path, ..., sizeof(cache_path)) at all four
    sites: file-query (&args[6]), icon-load (&args[9] + ".ICN"), and
    icon-save (&args[1]). The existing SkyPix download path already had
    a strlen() guard and was not affected.

    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Sun Mar 15 22:51:39 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/5ca54e09393c1068e32e599f
    Modified Files:
    src/syncterm/ripper.c
    Log Message:
    Fix draw_button() off-by-one errors for exclusive box coordinates

    box.x2/y2 are exclusive (one past end), so:
    - Sunken border right/bottom highlight lines drew one pixel too far out
    - Recessed border width/height were one pixel too large, pushing the
    outer border off-screen for full-width buttons

    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)