https://gitlab.synchro.net/main/sbbs/-/commit/df19ebe9b1d7f15845d53525
Modified Files:
src/syncterm/webget.c
Log Message:
Fix use-after-free and NULL deref in webget.c
destroy_webget_req() had a copy-paste bug: after freeing req->msg and
req->state, the code set req->uri = NULL both times instead of NULLing
the correct fields. This left req->msg and req->state as dangling
pointers after free.
Also add a missing NULL check on strdup() in parse_uri(). If it fails,
the next line passes NULL to strchr(), which crashes. The mutex is held
at this point, so the error path uses set_msg_locked() and unlocks
before jumping to error_return.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
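The two defect classes named in the log message, as an added example that is not code from webget.c or the Synchronet repository: a free-and-clear macro that removes the second field name a copy-paste can get wrong, and an allocation check that releases the mutex on its error path. The struct layout, the `demo_*` names, the message strings and the injectable `dup` parameter are assumptions made for illustration; only the field names `uri`, `msg` and `state` come from the commit message.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical layout; only the field names come from the commit message. */
struct demo_req { pthread_mutex_t mtx; char *uri, *msg, *state; };

/* The freed pointer and the cleared pointer are the same token, so a
 * copy-pasted line cannot free one field and NULL a different one. */
#define FREE_AND_NULL(p) do { free(p); (p) = NULL; } while (0)

/* Stand-in for strdup(): returns NULL when allocation fails. */
char *demo_dup(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}
/* Always fails, to exercise the out-of-memory path (constructed for the demo). */
char *demo_failing_dup(const char *s) { (void)s; return NULL; }

/* Caller must hold r->mtx. */
static void demo_set_msg_locked(struct demo_req *r, const char *text)
{
    FREE_AND_NULL(r->msg);
    r->msg = demo_dup(text);          /* may stay NULL if memory is exhausted */
}

void demo_destroy(struct demo_req *r)
{
    FREE_AND_NULL(r->uri);
    FREE_AND_NULL(r->msg);
    FREE_AND_NULL(r->state);          /* safe to call twice: free(NULL) is a no-op */
}

bool demo_parse_uri(struct demo_req *r, const char *uri, char *(*dup)(const char *))
{
    pthread_mutex_lock(&r->mtx);
    FREE_AND_NULL(r->uri);
    r->uri = dup(uri);
    if (r->uri == NULL) {             /* check before strchr() dereferences it */
        demo_set_msg_locked(r, "out of memory");
        pthread_mutex_unlock(&r->mtx); /* error path must not keep the lock */
        return false;
    }
    bool ok = strchr(r->uri, ':') != NULL;   /* stand-in for the real parsing */
    if (!ok) demo_set_msg_locked(r, "no scheme in URI");
    pthread_mutex_unlock(&r->mtx);
    return ok;
}
```

A second call after the failed one only returns if the error path released the mutex, which makes the lock handling checkable without inspecting the mutex itself.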