BBS:      TELESC.NET.BR
Assunto:  src/sbbs3/websrvr.cpp
De:       Rob Swindell (on Debian Linux)
Data:     Wed, 6 May 2026 19:41:53 -0700
-----------------------------------------------------------
https://gitlab.synchro.net/main/sbbs/-/commit/62b41cd33f2fa4292d83710d
Modified Files:
	src/sbbs3/websrvr.cpp
Log Message:
websrvr: handle getuserdat failures in http_logon and check_ars (CIDs 516407, 516410, 639949)

Both call sites set user.number then read the rest of the user record
via getuserdat(). On read failure the user struct was left partially
populated, then used for password comparison or downstream session
state. Treat the failure as a system error: log it and either fall
back to an unauthenticated session (http_logon) or reject the auth
attempt (check_ars).

Co-Authored-By: Claude Opus 4.7 
n
---
  mSynchronetn  hgVertrauen n hHome of Synchronet n gh[vert/cvs/bbs].synchro.net

-----------------------------------------------------------
[Voltar]