https://gitlab.synchro.net/main/sbbs/-/commit/c772389f204f5834773f554f
Modified Files:
src/sbbs3/scfg/scfg.c scfgchat.c scfgmsg.c scfgnet.c scfgsys.c scfgxtrn.c
Log Message:
Prevent heap corruption by bounds-checking writes to opt[]
Since we are now free()ing the opt[] items in bail(), I've seen heap
corruption core dumps after navigating the SCFG menus with some long configuration items (e.g. timed events with max-length command-lines).
This heap corruption has been present for a long, long time, but not
detected since we weren't free()ing these heap-allocated items.
Increasing MAX_OPLN would have been a mitigation for this issue, but
using snprintf(opt[n],MAX_OPLN,...) is the better fix.
---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net