https://gitlab.synchro.net/main/sbbs/-/commit/dda4230505eae8746e7a9423
Modified Files:
src/syncterm/ooii.c
Log Message:
Fix multiple ooii.c security bugs
- getBlock(): add maxlen parameter to prevent unbounded buffer copy
  from remote BBS data (stack buffer overflow)
- Add bounds checks on array lookups indexed by remote data:
  diseases[11], armors[13], suits[4], weapons[27], ammos[6]
- Replace strcat(menuBlock) with strlcat to prevent overflow when
  getBlock fills buffer near capacity
- Add NUL terminator checks before codeStr++ in incomingMapScanner
  to prevent reads past end of string from truncated BBS data
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
--- SBBSecho 3.37-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
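
The bounded copy, the NUL check before advancing, and the range check on a remotely supplied index that the log message describes, shown as an added C example that is not code from ooii.c or the Synchronet project. The names `copy_field`, `suit_name` and `parse_record`, the `|` delimiter, the record layout and the table contents are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed table: the commit gives the size suits[4], not the contents. */
#define NSUITS 4
static const char *const suit_names[NSUITS] = { "none", "light", "medium", "heavy" };

/* Copy one delim-terminated field from *src into dst, writing at most maxlen
 * bytes including the NUL. Returns the stored length, or -1 if it did not fit. */
static int copy_field(const char **src, char *dst, size_t maxlen, char delim)
{
    const char *start = *src, *p = start;
    size_t n = 0;
    if (maxlen == 0)
        return -1;
    for (; *p != '\0' && *p != delim; p++)
        if (n + 1 < maxlen)
            dst[n++] = *p;
    dst[n] = '\0';
    *src = (*p != '\0') ? p + 1 : p;  /* step over the delimiter, never the NUL */
    return (size_t)(p - start) == n ? (int)n : -1;
}

/* The index comes from remote data: range-check it before touching the table. */
static const char *suit_name(long idx)
{
    return (idx >= 0 && idx < NSUITS) ? suit_names[idx] : "?";
}

/* Parse a constructed "index|label|" record (hypothetical layout). */
static const char *parse_record(const char *msg, char *label, size_t labellen)
{
    char num[8], *end;
    int got = copy_field(&msg, num, sizeof num, '|');
    copy_field(&msg, label, labellen, '|');   /* label is truncated to fit */
    if (got <= 0)
        return "?";
    long idx = strtol(num, &end, 10);
    return *end == '\0' ? suit_name(idx) : "?";
}

int main(void)
{
    char label[8];
    puts(parse_record("2|Kevlar weave|", label, sizeof label));
    puts(label);
    return 0;
}
```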