Synchronet now requires the libarchive development package (e.g. libarchive-dev on Debian-based Linux distros, libarchive.org for more info) to build successfully.

Commit 121e87b7 authored by rswindell

Fix long-standing bug in js_ParseMsgHeaderObject which is only (currently)
used by js_post_msg() (the JS bbs.post_msg() method when used with the
reply_header object argument) - the private data attached to a message
header object is of type privatemsg_t, not private_t. This caused the
dereferences of and assignments to p->smb_result in parse_header_object()
to corrupt the privatemsg_t->msg memory causing heap corruption (caught
on Windows debug builds in js_get_msg_header_finalize()) and stack faults
(caught on Linux-gcc in parse_recipient_object()). This one was hard to
find. <whew!>
parent 27c9842c
......@@ -931,14 +931,14 @@ err:
/* obj must've been previously returned from get_msg_header() */
BOOL DLLCALL js_ParseMsgHeaderObject(JSContext* cx, JSObject* obj, smbmsg_t* msg)
{
private_t* p;
privatemsg_t* p;
if((p=(private_t*)JS_GetPrivate(cx,obj))==NULL) {
if((p=(privatemsg_t*)JS_GetPrivate(cx,obj))==NULL) {
JS_ReportError(cx,getprivate_failure,WHERE);
return(FALSE);
}
if(!parse_header_object(cx, p, obj, msg, /* recipient */ TRUE)) {
if(!parse_header_object(cx, p->p, obj, msg, /* recipient */ TRUE)) {
smb_freemsgmem(msg);
return(FALSE);
}
......
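Review bot: The cast at `if((p=(privatemsg_t*)JS_GetPrivate(cx,obj))==NULL)` still trusts the caller to honour the comment "obj must've been previously returned from get_msg_header()", so nothing here stops the same kind of type confusion if a script passes some other object with private data as reply_header. Consider fetching the private pointer with a class-checked accessor such as JS_GetInstancePrivate() against the message header object's JSClass, so a wrong object type is rejected with an error instead of being reinterpreted as privatemsg_t. Separately, `p->p` is handed to parse_header_object() without a NULL check in the visible lines; since the commit message says that function dereferences and assigns p->smb_result, a guard (or a comment stating why p->p can never be NULL here) would help. The `p->p` naming is also easy to misread, and a more descriptive local name for the privatemsg_t pointer would make this mix-up harder to repeat.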