https://gitlab.synchro.net/main/sbbs/-/commit/da406c0a793ce998e982dd88
Modified Files:
src/sbbs3/writemsg.cpp
Log Message:
Fix CID 33235: Argument cannot be negative
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/2db618ae2da445cf21a420c5
Modified Files:
src/sbbs3/writemsg.cpp
Log Message:
Fix smb.subnum corruption in writemsg()

Fix issue introduced 9 years ago that could cause a crash after replying to a post via email or netmail and then displaying the header of a poll message or a normal message with votes:

Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f9f9569a317 in sbbs_t::show_msg (this=0x7f9f70c56880,
smb=0x7f9f70c5e4e0, msg=0x7f9ebadf08b0, p_mode=4, post=0x7f9f18071a24)
at getmsg.cpp:255
255 ,cfg.sub[smb->subnum]->misc&SUB_ NAME ? useron.name : useron.alias, NET_NONE, NULL);
[Current thread is 1 (Thread 0x7f9ebadf3700 (LWP 23279))]
(gdb) print smb->subnum
$1 = 4294967295
(gdb) bt
#0 0x00007f9f9569a317 in sbbs_t::show_msg (this=0x7f9f70c56880,
smb=0x7f9f70c5e4e0, msg=0x7f9ebadf08b0, p_mode=4, post=0x7f9f18071a24)
at getmsg.cpp:255
#1 0x00007f9f957b2aee in sbbs_t::scanposts (this=0x7f9f70c56880, subnum=9,
mode=2, find=0x7f9ebadf1270 "") at readmsgs.cpp:670
#2 0x00007f9f957bb75a in sbbs_t::scanallsubs (this=0x7f9f70c56880, mode=2)
at scansubs.cpp:219
#3 0x00007f9f9568c948 in sbbs_t::exec_msg (this=0x7f9f70c56880,
csi=0x7f9f70c64768) at execmsg.cpp:315
#4 0x00007f9f95683129 in sbbs_t::exec_function (this=0x7f9f70c56880,
csi=0x7f9f70c64768) at execfunc.cpp:422
#5 0x00007f9f95679450 in sbbs_t::exec (this=0x7f9f70c56880,
csi=0x7f9f70c64768) at exec.cpp:1199
#6 0x00007f9f9577d742 in node_thread (arg=0x7f9f70c56880) at main.cpp:4364

writemsg() was changing the global smb.subnum and when writing an email or netmail, that subnum value is -1 (since it's not a sub-board) and then later show_msg() is using the smb.subnum as a index into scfg.sub[] when determining if the current user already voted on the message being displayed and then: bang, crash, fall down, go boom.

Simply saving and restoring the smb.subnum when executing an external editor is all that was needed here. And this is the first use of the C++ "auto" keyword in Synchronet!
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/208cc78b54ac851645e8cbd1
Modified Files:
src/sbbs3/writemsg.cpp
Log Message:
Don't save draft messages upon disconnect for Guest or "no one" (user #0)

Fix issue #508
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/ff3864002e9a51e98b1c83f5
Modified Files:
src/sbbs3/writemsg.cpp
Log Message:
Bounds-check the buffer being written in msgeditor()

Replace the suspicious strcpy/strcat's in msgeditor(), the built-in line editor, with bounds-enforced snprintf() calls.
Also, properly define MAX_LINE_LEN to account for the trailing \r\n on each line. It appears we've been under allocating the total possible message buffer size (by 2 bytes per line) for a while now.
These 2 changes together should fix issue #547: apparent heap corruption due
to 'buf' overflow in msgeditor().
Also added a line count check/cap-enforcement with logged error message if exceeded (should never happen).

Also fixed in this commit: off-by-one when enforcing max message length in msgeditor().

Also added checks that the 'cols' (used in MAX_LINE_LEN) are reasonable values (40+), 2 was below the threshold of what would be expected to work since
there is logic that deducts 4 from cols, for example.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/2d9f8a32c55c82016b13d0a1
Modified Files:
src/sbbs3/writemsg.cpp
Log Message:
When writing messages with a 'top' in raw-input-mode, don't add excessive CRLF

If the top already ends in a blank line, no additional CRLF is warranted (between the 'top' and the raw-input message 'body').
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/84527be03f4d728bafe58f10
Modified Files:
src/sbbs3/writemsg.cpp
Log Message:
Fix new GCC warning in printf format string.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/4f9a8b209a160d8fac1fc4a3
Modified Files:
src/sbbs3/writemsg.cpp
Log Message:
Address a couple of Coverity-reported defects

CID 452331
CID 452330
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/10beb091cd05d255e3911a80
Modified Files:
src/sbbs3/writemsg.cpp
Log Message:
Log a file "create" error if process_edited_file() returns a negative value

I discovered that sbbs_t::editfile() (exposed as JS console.editfile) just silently failed if it couldn't write to the destination file
(e.g. permission denied by OS).
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net