1. Forum
  2. DOVE-Net
  3. Synchronet Programming

  • src/syncterm/ooii.c

    From Deuc¿@VERT to Git commit to main/sbbs/master on Sun Mar 15 14:09:13 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/dda4230505eae8746e7a9423
    Modified Files:
    src/syncterm/ooii.c
    Log Message:
    Fix multiple ooii.c security bugs

    - getBlock(): add maxlen parameter to prevent unbounded buffer copy
    from remote BBS data (stack buffer overflow)
    - Add bounds checks on array lookups indexed by remote data:
    diseases[11], armors[13], suits[4], weapons[27], ammos[6]
    - Replace strcat(menuBlock) with strlcat to prevent overflow when
    getBlock fills buffer near capacity
    - Add NUL terminator checks before codeStr++ in incomingMapScanner
    to prevent reads past end of string from truncated BBS data

    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net