BBS:      TELESC.NET.BR
Subject:  src/syncterm/ooii.c
From:     Deuce
Date:     Sun, 15 Mar 2026 14:09:13 -0700
-----------------------------------------------------------
https://gitlab.synchro.net/main/sbbs/-/commit/dda4230505eae8746e7a9423
Modified Files:
	src/syncterm/ooii.c
Log Message:
Fix multiple ooii.c security bugs

- getBlock(): add maxlen parameter to prevent unbounded buffer copy
  from remote BBS data (stack buffer overflow)
- Add bounds checks on array lookups indexed by remote data:
  diseases[11], armors[13], suits[4], weapons[27], ammos[6]
- Replace strcat(menuBlock) with strlcat to prevent overflow when
  getBlock fills buffer near capacity
- Add NUL terminator checks before codeStr++ in incomingMapScanner
  to prevent reads past end of string from truncated BBS data

Co-Authored-By: Claude Opus 4.6 
---
 * Synchronet * Vertrauen * Home of Synchronet * [vert/cvs/bbs].synchro.net
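
The hardening patterns the log message lists (a length-limited block copy, a range check on a remotely supplied table index, a truncating append, and a NUL check before advancing the parse pointer), shown as an added example that is not SyncTERM's code. The function names, the `|` field delimiter and the table contents are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical table; the commit gives the real tables only by name and size. */
static const char *const demo_suits[4] = { "None", "Light", "Medium", "Heavy" };

/* Copy one '|'-terminated field of remote data into dst, writing at most
 * maxlen bytes including the NUL. Returns a pointer just past the field:
 * after the delimiter if present, otherwise at the terminating NUL. */
static const char *get_block_bounded(const char *src, char *dst, size_t maxlen)
{
    size_t n = 0;
    if (maxlen == 0) return src;
    while (*src != '\0' && *src != '|') {
        if (n + 1 < maxlen)
            dst[n++] = *src;      /* excess bytes are consumed but dropped */
        src++;
    }
    dst[n] = '\0';
    if (*src == '|')              /* never step over the NUL of truncated data */
        src++;
    return src;
}

/* Map a remote-supplied index to a name, rejecting out-of-range values. */
static const char *suit_name(unsigned char remote_index)
{
    size_t count = sizeof(demo_suits) / sizeof(demo_suits[0]);
    return remote_index < count ? demo_suits[remote_index] : "?";
}

/* Truncating append (portable stand-in for strlcat); returns 1 if src fit. */
static int append_bounded(char *dst, size_t dstsize, const char *src)
{
    const char *end = memchr(dst, '\0', dstsize);
    if (end == NULL) return 0;    /* dst is not terminated inside its buffer */
    size_t used = (size_t)(end - dst), room = dstsize - used - 1;
    size_t len = strlen(src), copy = len < room ? len : room;
    memcpy(dst + used, src, copy);
    dst[used + copy] = '\0';
    return len <= room;
}

int main(void)
{
    char field[8], menu[12] = "Menu:";
    /* Constructed input: an oversized field followed by an invalid index. */
    const char *rest = get_block_bounded("ABCDEFGHIJKL|7", field, sizeof field);
    int fit = append_bounded(menu, sizeof menu, field);
    printf("%s fit=%d suit=%s\n", menu, fit, suit_name((unsigned char)(*rest - '0')));
    return 0;
}
```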
