src/syncterm/term.c - Historico da BBS TELESC.NET.BR

BBS:      TELESC.NET.BR
Assunto:  src/syncterm/term.c
De:       Deuc¨
Data:     Sun, 15 Mar 2026 01:06:05 -0700
-----------------------------------------------------------
https://gitlab.synchro.net/main/sbbs/-/commit/d5e37e7999b5adf959d31e60
Modified Files:
	src/syncterm/term.c
Log Message:
Fix buffer overflows and missing NULL checks in term.c

apc_handler(): two strcat(fn, p) calls append data from APC escape
sequences (received from the remote BBS) into fn[MAX_PATH+1] without
length checks.  Changed to strlcat(fn, p, sizeof(fn)).

mousedrag(): sbufsize was declared int but holds
width * sizeof(vmem_cell) * height, which is assigned to malloc().
On very large terminal dimensions the int multiplication can wrap,
causing an undersized allocation.  Changed sbufsize to size_t with
an explicit (size_t) cast on the first operand.  Also added a NULL
check on the three malloc() calls  previously a failed allocation
would be passed straight to vmem_gettext()/gettext() and crash.

Co-Authored-By: Claude Opus 4.6 
n
---
  mSynchronetn  hgVertrauen n hHome of Synchronet n gh[vert/cvs/bbs].synchro.net

-----------------------------------------------------------
[Voltar]