From 3da89611426e836e71f7dda774403a3a01b907ae Mon Sep 17 00:00:00 2001
From: rswindell <>
Date: Tue, 19 Mar 2019 19:48:22 +0000
Subject: [PATCH] Fix the off-by-one error in the COLS kludge line parsing
 logic. Don't store a columns value of 0 (the default). Use SAFEPRINTF in
 place of sprintf() in parse_control_line().

---
 src/sbbs3/sbbsecho.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/sbbs3/sbbsecho.c b/src/sbbs3/sbbsecho.c
index d013bca802..d66381684f 100644
--- a/src/sbbs3/sbbsecho.c
+++ b/src/sbbs3/sbbsecho.c
@@ -177,7 +177,7 @@ char* parse_control_line(const char* fmsgbuf, const char* kludge)
 
 	if(fmsgbuf == NULL)
 		return NULL;
-	sprintf(str, "\1%s", kludge);
+	SAFEPRINTF(str, "\1%s", kludge);
 	p = strstr(fmsgbuf, str);
 	if(p == NULL)
 		return NULL;
@@ -3474,11 +3474,12 @@ int fmsgtosmsg(char* fbuf, fmsghdr_t* hdr, uint user, uint subnum)
 				msg.hdr.when_written.zone = fmsgzone(fbuf+l);
 			}
 
-			else if(!strncmp((char *)fbuf+l+1,"COLS:", 5)) {	/* SBBSecho */
-				l+=5;
+			else if(!strncmp((char *)fbuf + l + 1, "COLS:", 5)) {	/* SBBSecho */
+				l += 6;
 				while(l<length && fbuf[l] <= ' ' && fbuf[l] >= 0) l++;
 				uint8_t columns = atoi(fbuf + l);
-				smb_hfield_bin(&msg, SMB_COLUMNS, columns);
+				if(columns > 0)
+					smb_hfield_bin(&msg, SMB_COLUMNS, columns);
 			}
 
 			else {		/* Unknown kludge line */
-- 
GitLab