BBS:      TELESC.NET.BR
Subject:  src/syncterm/bbslist.c
From:     Deuce
Date:     Sun, 15 Mar 2026 01:06:05 -0700
-----------------------------------------------------------
https://gitlab.synchro.net/main/sbbs/-/commit/d89bbbce2b372e8259d40fbc
Modified Files:
	src/syncterm/bbslist.c
Log Message:
Clamp ANSIMusic value read from BBS list files

entry->music was read with iniGetInteger() and used unchecked as an
index into music_names[] (a 3-element array) in build_edit_list().
A malicious web-hosted syncterm.lst could set ANSIMusic=999 and
cause an out-of-bounds read, likely crashing when sprintf() tries
to dereference the wild pointer.

Clamp to the valid range [CTERM_MUSIC_SYNCTERM..CTERM_MUSIC_ENABLED]
after reading, defaulting back to CTERM_MUSIC_BANSI on bad values.

Co-Authored-By: Claude Opus 4.6 
---
 ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net

-----------------------------------------------------------
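The clamp described in the log message above, as an added example that is not SyncTERM's own code: an integer read from an untrusted list file is range-checked before it indexes a 3-element table. The enum's numeric values, the placeholder strings in music_names[] and the helper read_ansimusic() (a hypothetical stand-in for the iniGetInteger() read) are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Names are from the commit message; the numeric values are assumed. */
enum { CTERM_MUSIC_SYNCTERM = 0, CTERM_MUSIC_BANSI = 1, CTERM_MUSIC_ENABLED = 2 };
/* Placeholder labels standing in for the 3-element music_names[]. */
static const char *const music_names[] = { "mode 0", "mode 1", "mode 2" };

/* Hypothetical stand-in for the INI read: returns the integer after
 * "ANSIMusic=" in `ini`, or `deflt` when the key is absent or not a number. */
static long read_ansimusic(const char *ini, long deflt)
{
    static const char key[] = "ANSIMusic=";
    const char *p = ini;
    while (p != NULL && *p != '\0') {
        if (strncmp(p, key, sizeof key - 1) == 0) {
            char *end;
            long v = strtol(p + sizeof key - 1, &end, 10);
            return end == p + sizeof key - 1 ? deflt : v;
        }
        p = strchr(p, '\n');          /* advance to the start of the next line */
        if (p != NULL) p++;
    }
    return deflt;
}

/* The clamp the log message describes: anything outside the valid range
 * falls back to CTERM_MUSIC_BANSI before it can be used as an index. */
static int clamp_music(long v)
{
    if (v < CTERM_MUSIC_SYNCTERM || v > CTERM_MUSIC_ENABLED)
        return CTERM_MUSIC_BANSI;
    return (int)v;
}

/* Safe lookup: the value is validated on the same path that reads it. */
static const char *music_label(const char *ini)
{
    return music_names[clamp_music(read_ansimusic(ini, CTERM_MUSIC_BANSI))];
}

int main(void)
{
    /* Constructed list-file fragments, not taken from a real syncterm.lst. */
    printf("%s\n", music_label("[Example]\nANSIMusic=999\n"));
    printf("%s\n", music_label("[Example]\nANSIMusic=2\n"));
    return 0;
}
```

Negative values and values that overflow strtol() take the same fallback path, because the check is on the range rather than on one known-bad number.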