• src/syncterm/ripper.c

    From Deucе@1:103/705 to Git commit to main/sbbs/master on Sun Feb 22 11:38:19 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/f73b6e394587333ffd76521c
    Modified Files:
    src/syncterm/ripper.c
    Log Message:
    Parse RIP_NO_MORE in RIP_STATE_PIPE, not RIP_STATE_CMD

    This will likely screw up on !|0#, but hopefully nobody has ever done
    that.

    Fixes ticket 218
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Mon Feb 23 16:17:52 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/27e6a20fa2b8661b46668d88
    Modified Files:
    src/syncterm/ripper.c
    Log Message:
    Fix new potential RIP crash

    Would potentially use a negative length after a |#
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Sun Mar 15 01:06:05 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/bb2238f684befe43deb34cea
    Modified Files:
    src/syncterm/ripper.c
    Log Message:
    Fix heap buffer overflows in ripper.c RIPscrip command handling

    Four strcat() calls append RIPscrip arguments (from the remote server)
    to cache_path[MAX_PATH+1] without checking whether the result fits.
    The path-traversal guards reject "..", "/", and "\" but do not limit
    length. A long filename from a malicious RIPscrip server overflows
    the buffer.

    Changed to strlcat(cache_path, ..., sizeof(cache_path)) at all four
    sites: file-query (&args[6]), icon-load (&args[9] + ".ICN"), and
    icon-save (&args[1]). The existing SkyPix download path already had
    a strlen() guard and was not affected.

    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
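
The length check this commit message describes, as an added example (not code from ripper.c or the Synchronet project): a traversal guard like the one quoted above accepts an over-long name, so the append itself has to be bounded and truncation treated as a failure. The helper names, the 64-byte buffer standing in for `MAX_PATH+1`, and the portable `bounded_cat()` used in place of `strlcat()` are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define CACHE_PATH_SIZE 64 /* constructed stand-in for MAX_PATH + 1 */

/* Traversal guard as the commit message describes it: rejects "..", "/" and
   "\" but puts no limit on length. Hypothetical helper name. */
static bool name_is_safe(const char *name)
{
    return !strstr(name, "..") && !strchr(name, '/') && !strchr(name, '\\');
}

/* Append with strlcat semantics: never writes past dst[size - 1], always
   terminates, returns the length the untruncated result would have had. */
static size_t bounded_cat(char *dst, const char *src, size_t size)
{
    const char *end = memchr(dst, '\0', size);
    size_t dlen = end ? (size_t)(end - dst) : size;
    size_t slen = strlen(src);
    if (dlen == size) return size + slen; /* dst unterminated: leave untouched */
    size_t n = slen < size - dlen - 1 ? slen : size - dlen - 1;
    memcpy(dst + dlen, src, n);
    dst[dlen + n] = '\0';
    return dlen + slen;
}

/* Build "<dir><name><ext>". Fails on a guarded name or on truncation, since a
   silently shortened path would name a different cache file. */
bool build_cache_path(char *out, size_t size, const char *dir,
                      const char *name, const char *ext)
{
    if (size == 0) return false;
    out[0] = '\0';
    if (!name_is_safe(name) || bounded_cat(out, dir, size) >= size
        || bounded_cat(out, name, size) >= size || bounded_cat(out, ext, size) >= size) {
        out[0] = '\0';
        return false;
    }
    return true;
}

int main(void)
{
    char path[CACHE_PATH_SIZE], big[200] = {0}; /* constructed oversized name */
    memset(big, 'A', sizeof(big) - 1);
    printf("%d %d\n", build_cache_path(path, sizeof(path), "cache/", "LOGO", ".ICN"),
           build_cache_path(path, sizeof(path), "cache/", big, ".ICN"));
    return 0;
}
```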
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Sun Mar 15 14:09:13 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/2054747bb2823818ea5d1a0d
    Modified Files:
    src/syncterm/ripper.c
    Log Message:
    Fix multiple ripper.c security and correctness bugs

    Security fixes:
    - Add path traversal checks (..//\) to LOAD_ICON, WRITE_ICON,
    ENTER_BLOCK_MODE, and font file loading
    - Add overflow guard for ICN pixel buffer allocation (32-bit)
    - Clamp viewport coordinates to world frame dimensions
    - Cap handle_command_str recursion depth to 64
    - Fix sprintf stack overflow in FILE_QUERY case 4 (snprintf)
    - Guard parse_string NULL return in do_rip_command
    - Guard strdup NULL return in bicmp

    Correctness fixes:
    - Remove incorrect viewport offsets from EXTENDED_TEXT_WINDOW (v2+)
    - Fix MOUSE hot field y2 using viewport.sx instead of .sy
    - Fix POLY_LINE y1 init using x_dim instead of y_dim
    - Fix conn_send length for FILE_QUERY \r\n responses (2 -> 3)
    - Fix draw_pixel XOR mode memory leak (freepixels before return)
    - Fix ansi_only() missing break before fall-through
    - Reject zero dimensions in SET_WORLD_FRAME
    - Clamp do_popup dimensions to screen size
    - Fix init_rip_ver memory leaks (mouse fields, clipboard, scb)
    - Add Amiga font file validation at load time
    - Add per-case argc checks in do_skypix
    - Handle realloc failure in reinit_screen gracefully
    - Add NULL checks for getpixels in set_line and flood fill

    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Sun Mar 15 22:51:39 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/5ca54e09393c1068e32e599f
    Modified Files:
    src/syncterm/ripper.c
    Log Message:
    Fix draw_button() off-by-one errors for exclusive box coordinates

    box.x2/y2 are exclusive (one past end), so:
    - Sunken border right/bottom highlight lines drew one pixel too far out
    - Recessed border width/height were one pixel too large, pushing the
    outer border off-screen for full-width buttons

    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
