From cae445b02ba55fe6a34cf2b6ec0f1132e2d3cd24 Mon Sep 17 00:00:00 2001
From: rswindell <>
Date: Tue, 16 Mar 2004 11:33:32 +0000
Subject: [PATCH] Bugfix: input_thread() bug introduced in rev 1.243 (Deuce's
 Unix spy-sockets) if recv returned -1, and client socket was closed and set
 to INVALID_SOCKET, segfault witnessed in telnet_interpret()->memchr(),
 calling with -1 for inlen.

---
 src/sbbs3/main.cpp | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/sbbs3/main.cpp b/src/sbbs3/main.cpp
index bf8d41c690..fd2d6f5469 100644
--- a/src/sbbs3/main.cpp
+++ b/src/sbbs3/main.cpp
@@ -994,6 +994,11 @@ static BYTE* telnet_interpret(sbbs_t* sbbs, BYTE* inbuf, int inlen,
 	BYTE*	first_cr=NULL;
 	int 	i;
 
+	if(inlen<1) {
+		outlen=0;
+		return(inbuf);	// no length? No interpretation
+	}
+
     first_iac=(BYTE*)memchr(inbuf, TELNET_IAC, inlen);
 
 	if(!(sbbs->telnet_mode&(TELNET_MODE_BIN_RX|TELNET_MODE_GATE)) 
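Review bot: The guard added at the top of telnet_interpret() does not say why a non-positive `inlen` is dangerous, and the comment `// no length? No interpretation` reads as a convenience rather than a memory-safety check. `inlen` is an `int`, so a negative value passed to `memchr()` is converted to a very large `size_t` and the scan runs far past `inbuf`, which is the segfault the commit message describes. I would state that in the comment, e.g. `// inlen<=0 (recv() returned SOCKET_ERROR): memchr() would treat it as a huge size_t and read past inbuf`. The guard returns `inbuf` with `outlen=0`, so callers must treat a zero `outlen` as "nothing to process". The rest of the function and its callers are outside this hunk, so that should be confirmed there.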
@@ -1250,7 +1255,9 @@ void input_thread(void *arg)
 
 		if(rd == SOCKET_ERROR)
 		{
+#ifdef __unix__
 			if(sock==sbbs->client_socket)  {
+#endif
 	        	if(ERROR_VALUE == ENOTSOCK)
     	            lprintf(LOG_NOTICE,"Node %d socket closed by peer on receive", sbbs->cfg.node_num);
         	    else if(ERROR_VALUE==ECONNRESET) 
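Review bot: The `if(sock==sbbs->client_socket)  {` here is now compiled only under `__unix__`, while its closing brace sits in a separate `#ifdef __unix__` block further down (the `} else  {` in the next hunk). Brace balance in input_thread() therefore depends on two preprocessor regions staying in sync, which is easy to break in a later edit. At minimum, tag the directive and say what the non-Unix build does, e.g. `#endif // __unix__: without spy sockets every recv() error ends the session`. The enclosing function starts and ends outside this hunk.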
@@ -1263,9 +1270,8 @@ void input_thread(void *arg)
 					lprintf(LOG_WARNING,"Node %d !ERROR %d receiving from socket %d"
         	        	,sbbs->cfg.node_num, ERROR_VALUE, sock);
 				break;
-			}
 #ifdef __unix__
-			else  {
+			} else  {
 				if(ERROR_VALUE != EAGAIN)  {
 					lprintf(LOG_ERR,"Node %d !ERROR %d on local spy socket %d receive"
 						, sbbs->cfg.node_num, errno, sock);
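Review bot: On the `__unix__` build, the failure described in the commit message still appears to reach this `else` branch. Once `sbbs->client_socket` has been set to INVALID_SOCKET elsewhere, `sock==sbbs->client_socket` is false for the old client descriptor, so its recv() error is handled as a "local spy socket" error instead of ending the session. Whether this branch leaves the loop or skips the code that consumes `rd` is not visible in the hunk. If it does not, the new `inlen<1` check in telnet_interpret() is the only thing standing between `rd == -1` and the buffer handling. I would identify the spy socket positively rather than as "not the client socket", and add a comment on the branch such as `// rd is SOCKET_ERROR here: must not fall through to telnet_interpret()/buffer code`. Whichever thread closes the client socket also seems to race with this comparison, which is worth confirming against the code outside the hunk.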
-- 
GitLab