• src/sbbs3/writemsg.cpp

    From Rob Swindell@VERT to Git commit to main/sbbs/master on Sun Jul 3 15:55:50 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/2db618ae2da445cf21a420c5
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    Fix smb.subnum corruption in writemsg()

    Fix issue introduced 9 years ago that could cause a crash after replying to a post via email or netmail and then displaying the header of a poll message or a normal message with votes:

    Program terminated with signal SIGSEGV, Segmentation fault.
    #0 0x00007f9f9569a317 in sbbs_t::show_msg (this=0x7f9f70c56880,
    smb=0x7f9f70c5e4e0, msg=0x7f9ebadf08b0, p_mode=4, post=0x7f9f18071a24)
    at getmsg.cpp:255
    255 ,cfg.sub[smb->subnum]->misc&SUB_ NAME ? useron.name : useron.alias, NET_NONE, NULL);
    [Current thread is 1 (Thread 0x7f9ebadf3700 (LWP 23279))]
    (gdb) print smb->subnum
    $1 = 4294967295
    (gdb) bt
    #0 0x00007f9f9569a317 in sbbs_t::show_msg (this=0x7f9f70c56880,
    smb=0x7f9f70c5e4e0, msg=0x7f9ebadf08b0, p_mode=4, post=0x7f9f18071a24)
    at getmsg.cpp:255
    #1 0x00007f9f957b2aee in sbbs_t::scanposts (this=0x7f9f70c56880, subnum=9,
    mode=2, find=0x7f9ebadf1270 "") at readmsgs.cpp:670
    #2 0x00007f9f957bb75a in sbbs_t::scanallsubs (this=0x7f9f70c56880, mode=2)
    at scansubs.cpp:219
    #3 0x00007f9f9568c948 in sbbs_t::exec_msg (this=0x7f9f70c56880,
    csi=0x7f9f70c64768) at execmsg.cpp:315
    #4 0x00007f9f95683129 in sbbs_t::exec_function (this=0x7f9f70c56880,
    csi=0x7f9f70c64768) at execfunc.cpp:422
    #5 0x00007f9f95679450 in sbbs_t::exec (this=0x7f9f70c56880,
    csi=0x7f9f70c64768) at exec.cpp:1199
    #6 0x00007f9f9577d742 in node_thread (arg=0x7f9f70c56880) at main.cpp:4364

    writemsg() was changing the global smb.subnum and when writing an email or netmail, that subnum value is -1 (since it's not a sub-board) and then later show_msg() is using the smb.subnum as a index into scfg.sub[] when determining if the current user already voted on the message being displayed and then: bang, crash, fall down, go boom.

    Simply saving and restoring the smb.subnum when executing an external editor is all that was needed here. And this is the first use of the C++ "auto" keyword in Synchronet!

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows)@VERT to Git commit to main/sbbs/master on Thu Apr 13 18:45:54 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/ff3864002e9a51e98b1c83f5
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    Bounds-check the buffer being written in msgeditor()

    Replace the suspicious strcpy/strcat's in msgeditor(), the built-in line editor, with bounds-enforced snprintf() calls.
    Also, properly define MAX_LINE_LEN to account for the trailing \r\n on each line. It appears we've been under allocating the total possible message buffer size (by 2 bytes per line) for a while now.
    These 2 changes together should fix issue #547: apparent heap corruption due
    to 'buf' overflow in msgeditor().
    Also added a line count check/cap-enforcement with logged error message if exceeded (should never happen).

    Also fixed in this commit: off-by-one when enforcing max message length in msgeditor().

    Also added checks that the 'cols' (used in MAX_LINE_LEN) are reasonable values (40+), 2 was below the threshold of what would be expected to work since
    there is logic that deducts 4 from cols, for example.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows)@VERT to Git commit to main/sbbs/master on Thu Apr 13 18:45:54 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/2d9f8a32c55c82016b13d0a1
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    When writing messages with a 'top' in raw-input-mode, don't add excessive CRLF

    If the top already ends in a blank line, no additional CRLF is warranted (between the 'top' and the raw-input message 'body').

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Thu Apr 13 18:47:22 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/84527be03f4d728bafe58f10
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    Fix new GCC warning in printf format string.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows)@VERT to Git commit to main/sbbs/master on Fri Apr 14 20:37:52 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/4f9a8b209a160d8fac1fc4a3
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    Address a couple of Coverity-reported defects

    CID 452331
    CID 452330

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Thu Dec 21 12:38:45 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/daf8fa55aa08b39bf8b4fc6e
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    Fix internal line editor buffer overflow (heap corruption)

    ... wasn't accounting for length of the 'top' buffer (when supplied).

    Also, for raw input mode:
    - flush the input buffer (stray LF) before accepting input
    - turn off raw input mode if run out of bytes (max lines/length reached)

    I was investigating the reported error by Nelgin:
    !ERROR in writemsg.cpp line 1214 (msgeditor) checking
    "max lines (20) exceeded" access=46
    which I was unable to reproduce, when I encountered the issues addressed
    in this commit.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Tue Dec 26 16:04:06 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/3057bcc20148e3d93d1052a5
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    Insure uploaded text ends in a new-line

    We were appending .sig files to uploaded text, which may not have ended
    in an LF or CRLF sequence. This fixes that.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Fri Dec 29 17:10:28 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/ee5e3e8ee949f73113909680
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    Fix an error path FILE* leak (CID 462238)

    Go ahead and fix false-positive CID 33482 by adding a NULL check to quotestr()

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Tue Jan 23 18:37:49 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/1321d7f537df2b0eb0c99f33
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    When editing a message, pass the proper to/from/subj/area to drop file

    Fixes issue #704 - not just for JS bbs.edit_msg(), but for all uses of the underlying sbbs_t::editmsg() function.

    Replaced one specific comparison of subnum == INVALID_SUB with call to is_valid_subnum() just to be consistent. No functional change there.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Tue Feb 13 20:37:50 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/00afb97cc670fdf3e11aa839
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    Improvements to UTF-8 capable external editor support

    1. Add an 8th line to MSGINF (for SlyEdit): the character set expected
    (either "CP437", the default, or "UTF-8") based on the SCFG configuration
    2. Don't apply "Soft-CR" (0x8D) stripping/expansion for UTF-8 editors

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Thu Feb 15 19:24:53 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/0dc20c1f9bf66ae376b0f22d
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    If the quotes.txt file doesn't exist with the right case, try any case

    (but prefer the proper/configured case, based on config in SCFG).

    Works around a problem where DDMsgReader always creates QUOTES.TXT (never quotes.txt), but SBBS tries to read in the file with the case it expects.
    This wouldn't be a problem on case-insensitive file systems (Windows).

    Resolves the writemsg.cpp error reported by Nelgin

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Thu Feb 15 21:37:00 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/f894f62108ad3251bfcba84c
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    Fix bug in previous commit to this file

    I'm surprised this didn't create a warning somewhere: treating char* as a
    bool!

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Tue Feb 20 23:57:53 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/f754ad9057b0cd076bcf57b1
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    Allow UTF-8 sequences in message subjects (passing K_UTF8 to getstr)

    This was the behavior for all string input in SBBS until recently
    (Commit 55ccda6294f82506), with this change, an exception is being
    made for message subjects, but the vast majority of other string
    input is still limited to single-byte (i.e. US-ASCII or CP437)
    characters.

    This should fix issue #720

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Sat Sep 21 13:08:41 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/10beb091cd05d255e3911a80
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    Log a file "create" error if process_edited_file() returns a negative value

    I discovered that sbbs_t::editfile() (exposed as JS console.editfile) just silently failed if it couldn't write to the destination file
    (e.g. permission denied by OS).

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Mon Nov 4 17:37:33 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/e3f17e6411aba06d9894b169
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    Internal message/line editor improvements

    * Allow left and right arrow keys to move between lines (within reason)
    * Use the K_USEOFFSET getstr() mode flag to keep cursor position when moving
    between lines with arrow keys
    * Be smart about integer padding when /Listing lines with numbers
    * Add range checking (!) and better error reporting for /Lx argument value

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Mon Dec 9 19:15:31 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/fbe51f3eec27287c29f058a1
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    Fix off-by-one usage of snprintf() when copying message subject

    - when converting from CP437 to UTF-8
    - when reading from RESULT.ED drop file

    This effectively limited message subjects in some instances to 69 chars
    instead of 70. This bug was caught while debugging a replied-message subject conversion from UTF-8 to CP437 issue reported by Accession.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Tue Dec 24 13:33:38 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/51cb7273a3a6d6c14e64e07f
    Modified Files:
    src/sbbs3/writemsg.cpp
    Log Message:
    Close file descriptor in error condition

    Fix CID 516461

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net