• src/sbbs3/scfg/scfg.c scfgchat.c scfgmsg.c scfgnet.c scfgsys.c scfgxtr

    From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Tuesday, May 23, 2023 20:50:09
    https://gitlab.synchro.net/main/sbbs/-/commit/c772389f204f5834773f554f
    Modified Files:
    src/sbbs3/scfg/scfg.c scfgchat.c scfgmsg.c scfgnet.c scfgsys.c scfgxtrn.c
    Log Message:
    Prevent heap corruption by bounds-checking writes to opt[]

    Since we are now free()ing the opt[] items in bail(), I've seen heap
    corruption core dumps after navigating the SCFG menus with some long configuration items (e.g. timed events with max-length command-lines).
    This heap corruption has been present for a long, long time, but not
    detected since we weren't free()ing these heap-allocated items.
    Increasing MAX_OPLN would have been a mitigation for this issue, but
    using snprintf(opt[n],MAX_OPLN,...) is the better fix.
    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net