1. Forum
  2. DOVE-Net
  3. Synchronet Programming

  • src/syncterm/bbslist.c

    From Deuc¿@VERT to Git commit to main/sbbs/master on Tue Dec 30 17:15:23 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/20962b53d4e3492c98eee0d9
    Modified Files:
    src/syncterm/bbslist.c
    Log Message:
    Fix potential file stream leak

    When changing the number of key derivation iterations but the list
    is not currently encrypted, the list file would never be closed.

    Likely not the cause of the recent default settings issue on Windows.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuc¿@VERT to Git commit to main/sbbs/master on Wed Dec 31 20:37:36 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/eef0551b0c98c7fb1bdc64c5
    Modified Files:
    src/syncterm/bbslist.c
    Log Message:
    Don't pass the defaults pointer when we don't want to read them

    ie: Don't read default connection settings from system list or
    the web lists.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuc¿@VERT to Git commit to main/sbbs/master on Sun Feb 22 09:41:31 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/37040a2302385f7970938906
    Modified Files:
    src/syncterm/bbslist.c
    Log Message:
    Don't use strnicmp() with length of zero because Win32 is stupid.

    May fix tickets 224, 220, and 217.
    I need to boot Windows somewhere and test.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuc¿@VERT to Git commit to main/sbbs/master on Mon Feb 23 11:23:15 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/19d9da43ee78d3fe989c8e6f
    Modified Files:
    src/syncterm/bbslist.c
    Log Message:
    Fix Custom Screen Mode Program Setting

    Was not shown in menu.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuc¿@VERT to Git commit to main/sbbs/master on Sun Mar 15 01:06:05 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/75cc9b15e717d6cf77dc90b0
    Modified Files:
    src/syncterm/bbslist.c
    Log Message:
    Fix stack buffer overflows in bbslist.c build_edit_list()

    The opt[][69] array has 69-byte elements, but several sprintf() calls
    could write past that:

    - "Address %s" with item->addr (LIST_ADDR_MAX=64, +18 = 83)
    - "Phone Number %s", "Device Name %s", etc. (same field)
    - "GHost Program %s" with item->password (MAX_PASSWD_LEN=128, +18 = 147)
    - "BBS Username %s" with item->password (same)
    - "Font %s" with item->font (80 bytes, +18 = 98)

    Changed these to snprintf(opt[i++], sizeof(opt[0]), ...) to truncate
    instead of overflowing. Other sprintf() calls in the same function
    already used printf_trunc() or format short bounded values (Yes/No,
    small ints, "********") and are not affected.

    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuc¿@VERT to Git commit to main/sbbs/master on Sun Mar 15 01:06:05 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/d89bbbce2b372e8259d40fbc
    Modified Files:
    src/syncterm/bbslist.c
    Log Message:
    Clamp ANSIMusic value read from BBS list files

    entry->music was read with iniGetInteger() and used unchecked as an
    index into music_names[] (a 3-element array) in build_edit_list().
    A malicious web-hosted syncterm.lst could set ANSIMusic=999 and
    cause an out-of-bounds read, likely crashing when sprintf() tries
    to dereference the wild pointer.

    Clamp to the valid range [CTERM_MUSIC_SYNCTERM..CTERM_MUSIC_ENABLED]
    after reading, defaulting back to CTERM_MUSIC_BANSI on bad values.

    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net