From bee6b15a98d367e99509d6cc55a558a4388bb51c Mon Sep 17 00:00:00 2001
From: rswindell <>
Date: Fri, 5 Oct 2018 08:38:46 +0000
Subject: [PATCH] In sbbs_t::getsmsg(), don't lock/read/write/unlock every
 single node record in the node.dab - only the node(s) that have the requested
 user number. In sbbs_t::getsmsg() and ::getsmsg(), strip all invalid Ctrl-A
 attribute codes (e.g. clear screen, pause, etc.) since short-messages
 (telegrams) can come from external sources.

---
 src/sbbs3/getnode.cpp | 9 ++++++---
 src/sbbs3/userdat.c   | 1 +
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/sbbs3/getnode.cpp b/src/sbbs3/getnode.cpp
index 2efd9e86a7..6da20be1db 100644
--- a/src/sbbs3/getnode.cpp
+++ b/src/sbbs3/getnode.cpp
@@ -319,6 +319,8 @@ int sbbs_t::getsmsg(int usernumber)
 	int		i;
 
 	for(i=1;i<=cfg.sys_nodes;i++) {	/* clear msg waiting flag */
+		if(getnodedat(i,&node,false) != 0 || node.useron != usernumber)
+			continue;
 		if(getnodedat(i,&node,true)==0) {
 			if(node.useron==usernumber
 					&& (node.status==NODE_INUSE || node.status==NODE_QUIET)
@@ -352,7 +354,8 @@ int sbbs_t::getsmsg(int usernumber)
 	buf[length]=0;
 	getnodedat(cfg.node_num,&thisnode,0);
 	if(cols)
-		CRLF; 
+		CRLF;
+	strip_invalid_attr(buf);
 	putmsg(buf,P_NOATCODES);
 	free(buf);
 
@@ -372,7 +375,7 @@ int sbbs_t::whos_online(bool listself)
 	CRLF;
 	bputs(text[NodeLstHdr]);
 	for(j=0,i=1;i<=cfg.sys_nodes && i<=cfg.sys_lastnode;i++) {
-		getnodedat(i,&node,0);
+		getnodedat(i,&node,false);
 		if(i==cfg.node_num) {
 			if(listself)
 				printnodedat(i,&node);
@@ -397,7 +400,7 @@ void sbbs_t::nodelist(void)
 	CRLF;
 	bputs(text[NodeLstHdr]);
 	for(int i=1;i<=cfg.sys_nodes && i<=cfg.sys_lastnode;i++) {
-		getnodedat(i,&node,0);
+		getnodedat(i,&node,false);
 		printnodedat(i,&node); 
 	}
 }
diff --git a/src/sbbs3/userdat.c b/src/sbbs3/userdat.c
index 5f8f655f16..35c7b7d843 100644
--- a/src/sbbs3/userdat.c
+++ b/src/sbbs3/userdat.c
@@ -1302,6 +1302,7 @@ char* DLLCALL getsmsg(scfg_t* cfg, int usernumber)
 	chsize(file,0L);
 	close(file);
 	buf[length]=0;
+	strip_invalid_attr(buf);
 
 	return(buf);	/* caller must free */
 }
-- 
GitLab