BBS: TELESC.NET.BR
Subject: src/sbbs3/mqtt.c
From: Rob Swindell (on Windows 11)
Date: Sun, 3 May 2026 20:31:55 -0700
-----------------------------------------------------------
https://gitlab.synchro.net/main/sbbs/-/commit/bc1ecf0980178ef81c5111c1
Modified Files:
src/sbbs3/mqtt.c
Log Message:
sbbs3 mqtt: escape control bytes in login_attempts payload
The login-failure 'prot' and 'user' fields published to the retained
topic sbbs//host//login_attempts/ are attacker-
controlled strings. The prior sanitize_field() only replaced tab,
CR, and LF with spaces, leaving NUL, DEL, escape, and high-bit bytes
to leak into the MQTT payload -- and into the terminal of anyone
tailing the topic with mosquitto_sub or similar (terminal-escape
injection risk).
Replace with c_escape_str(..., ctrl_only=true), which renders all
control bytes and high-bit bytes as C-style escapes (\t, \r, \xNN,
\e, etc.). Tab/CR/LF field-separator integrity is preserved as a
side effect since those are also control bytes.
Local prot/user buffers grown to 4*field_size+1 to accommodate the
worst-case \xNN expansion of every source byte.
Co-Authored-By: Claude Opus 4.7 (1M context)
---
Synchronet | Vertrauen | Home of Synchronet | [vert/cvs/bbs].synchro.net
-----------------------------------------------------------
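A worked illustration of the escaping approach the commit message describes, added here as an example; it is not code from Synchronet, from mqtt.c, or from the commit. old_sanitize_field() and escape_ctrl() are hypothetical stand-ins for the real sanitize_field() and c_escape_str(..., ctrl_only=true) (whose implementations are not on this page), FIELD_SIZE and the tab-separated "prot\tuser" record layout are assumptions, and the hostile username is constructed. It shows a terminal escape sequence passing the old tab/CR/LF-only filter, the escaped form containing only printable ASCII, the 4*n+1 worst-case buffer sizing, and that an escaped field can no longer inject a field separator.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_SIZE 64   /* assumed per-field limit; not taken from mqtt.c */

/* Hypothetical stand-in for the old sanitize_field(): only TAB, CR and LF
 * become spaces; ESC, DEL, NUL and high-bit bytes pass through untouched. */
static void old_sanitize_field(char *s)
{
    for (; *s; s++)
        if (*s == '\t' || *s == '\r' || *s == '\n')
            *s = ' ';
}

/* Hypothetical stand-in for c_escape_str(..., ctrl_only=true). Copies srclen
 * bytes of src into dst, rendering every control byte (0x00-0x1f, 0x7f) and
 * every high-bit byte (0x80-0xff) as a C-style escape; printable ASCII is
 * copied verbatim. The longest escape is \xNN, so output never exceeds
 * 4*srclen bytes plus the terminator. Truncates (never overflows) dst. */
static char *escape_ctrl(char *dst, size_t dstlen, const char *src, size_t srclen)
{
    size_t o = 0;
    for (size_t i = 0; i < srclen; i++) {
        unsigned char c = (unsigned char)src[i];
        char esc[5];
        switch (c) {
        case '\t': strcpy(esc, "\\t"); break;
        case '\r': strcpy(esc, "\\r"); break;
        case '\n': strcpy(esc, "\\n"); break;
        case 0x1b: strcpy(esc, "\\e"); break;
        default:
            if (c < 0x20 || c >= 0x7f)
                snprintf(esc, sizeof esc, "\\x%02x", (unsigned)c);
            else { esc[0] = (char)c; esc[1] = '\0'; }
        }
        size_t n = strlen(esc);
        if (o + n >= dstlen)
            break;                      /* out of room: stop, keep the NUL */
        memcpy(dst + o, esc, n);
        o += n;
    }
    dst[o] = '\0';
    return dst;
}

/* Consumer-side check a topic tailer could apply before writing a payload
 * to a terminal: safe only if every byte is printable ASCII. */
static int payload_is_terminal_safe(const char *s)
{
    for (const unsigned char *p = (const unsigned char *)s; *p; p++)
        if (*p < 0x20 || *p >= 0x7f)
            return 0;
    return 1;
}

/* Result of the old filter on a NUL-terminated field, as seen by a tailer. */
static int old_sanitize_is_terminal_safe(const char *src)
{
    char buf[FIELD_SIZE];
    snprintf(buf, sizeof buf, "%s", src);
    old_sanitize_field(buf);
    return payload_is_terminal_safe(buf);
}

/* 1 if escaping srclen bytes of src yields exactly expected. */
static int escapes_to(const char *src, size_t srclen, const char *expected)
{
    char buf[4 * FIELD_SIZE + 1];
    return strcmp(escape_ctrl(buf, sizeof buf, src, srclen), expected) == 0;
}

/* n bytes that all need \xNN become 4n output bytes: the reason the local
 * prot/user buffers are sized 4*field_size+1. */
static size_t worst_case_escaped_len(size_t n)
{
    char src[FIELD_SIZE], dst[4 * FIELD_SIZE + 1];
    if (n > FIELD_SIZE) n = FIELD_SIZE;
    memset(src, 0x80, n);
    return strlen(escape_ctrl(dst, sizeof dst, src, n));
}

/* Build an assumed tab-separated "prot\tuser" record from escaped fields and
 * return how many TAB bytes it contains: exactly one means the attacker-
 * controlled fields could not smuggle in an extra separator. */
static int record_tab_count(const char *prot, const char *user)
{
    char eprot[4 * FIELD_SIZE + 1], euser[4 * FIELD_SIZE + 1];
    char rec[2 * (4 * FIELD_SIZE + 1)];
    escape_ctrl(eprot, sizeof eprot, prot, strlen(prot));
    escape_ctrl(euser, sizeof euser, user, strlen(user));
    snprintf(rec, sizeof rec, "%s\t%s", eprot, euser);
    int tabs = 0;
    for (const char *p = rec; *p; p++)
        if (*p == '\t') tabs++;
    return tabs;
}

int main(void)
{
    /* Constructed hostile username: clear screen, home cursor, a fake name,
     * a TAB to smuggle a second field, and a high-bit byte. */
    const char user[] = "\x1b[2J\x1b[H" "root\tadmin\xc3";
    char out[4 * FIELD_SIZE + 1];
    printf("old filter terminal-safe: %d\n", old_sanitize_is_terminal_safe(user));
    escape_ctrl(out, sizeof out, user, strlen(user));
    printf("escaped: %s (terminal-safe: %d)\n", out, payload_is_terminal_safe(out));
    printf("tabs in record: %d\n", record_tab_count("SSH", user));
    return 0;
}
```

The truncation branch in escape_ctrl() matters when a caller sizes the destination smaller than 4*srclen+1; with the sizing the commit describes it is never reached for a field at or under the limit, which is what worst_case_escaped_len() demonstrates.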