diff --git a/src/sbbs3/jsexec.c b/src/sbbs3/jsexec.c
index aa1b8607922dc3b813fcd7204c11f75b66b89c66..2dc943ea3ca3824ff88e40f00a87144b1223f0fc 100644
--- a/src/sbbs3/jsexec.c
+++ b/src/sbbs3/jsexec.c
@@ -1016,6 +1016,8 @@ long js_exec(const char *fname, char** args)
if((js_buf=realloc(js_buf,js_buflen+len))==NULL) {
lprintf(LOG_ERR,"!Error allocating %u bytes of memory"
,js_buflen+len);
+ if(fp!=stdin)
+ fclose(fp);
return(-1);
}
memcpy(js_buf+js_buflen,line,len);
diff --git a/src/sbbs3/listfile.cpp b/src/sbbs3/listfile.cpp
index 80c6bb526dd432352d069b9483a2b4e5bd4f30a7..869663d76ca8350899b3ea94fee956e786157881 100644
--- a/src/sbbs3/listfile.cpp
+++ b/src/sbbs3/listfile.cpp
@@ -294,7 +294,7 @@ int sbbs_t::listfiles(uint dirnum, const char *filespec, int tofile, long mode)
if(tofile) {
write(tofile,crlf,2);
sprintf(hdr,"%*s",c,nulstr);
- memset(hdr,'�',c);
+ memset(hdr,0xC4,c);
strcat(hdr,crlf);
write(tofile,hdr,strlen(hdr));
}
@@ -302,7 +302,7 @@ int sbbs_t::listfiles(uint dirnum, const char *filespec, int tofile, long mode)
CRLF;
attr(cfg.color[clr_filelstline]);
while(c--)
- outchar('�');
+ outchar('\xC4');
CRLF;
}
}
@@ -1009,11 +1009,13 @@ int sbbs_t::listfileinfo(uint dirnum, char *filespec, long mode)
return(0);
l=(long)filelength(file);
if(!l) {
+ FREE_AND_NULL(usrxfrbuf);
close(file);
return(0);
}
if((ixbbuf=(uchar *)malloc(l))==NULL) {
close(file);
+ FREE_AND_NULL(usrxfrbuf);
errormsg(WHERE,ERR_ALLOC,str,l);
return(0);
}
diff --git a/src/sbbs3/load_cfg.c b/src/sbbs3/load_cfg.c
index ba24ff91a87ba1bb1101643c26b6627c4e697618..f97776690880bab3ef5c935517948782e7a2c363 100644
--- a/src/sbbs3/load_cfg.c
+++ b/src/sbbs3/load_cfg.c
@@ -349,6 +349,7 @@ BOOL read_attr_cfg(scfg_t* cfg, char* error)
if((cfg->color=malloc(MIN_COLORS))==NULL) {
sprintf(error,"Error allocating memory (%u bytes) for colors"
,MIN_COLORS);
+ fclose(instream);
return(FALSE);
}
/* Setup default colors here: */
diff --git a/src/sbbs3/logout.cpp b/src/sbbs3/logout.cpp
index 9fa9941ad6a47406811cc83f912ec073b8a828ad..8c577db1666ffdbe3d66a8cd0b9be796a28920a9 100644
--- a/src/sbbs3/logout.cpp
+++ b/src/sbbs3/logout.cpp
@@ -150,7 +150,7 @@ void sbbs_t::logout()
if(usrlibs>0)
putuserrec(&cfg,useron.number,U_CURDIR,0,cfg.dir[usrdir[curlib][curdir[curlib]]]->code);
hhmmtostr(&cfg,&tm,str);
- strcat(str," ");
+ SAFECAT(str," ");
if(sys_status&SS_USERON)
safe_snprintf(tmp,sizeof(tmp),"T:%3u R:%3lu P:%3lu E:%3lu F:%3lu "
"U:%3luk %lu D:%3luk %lu"
@@ -159,8 +159,8 @@ void sbbs_t::logout()
,logon_dlb/1024UL,logon_dls);
else
SAFEPRINTF(tmp,"T:%3u sec",(uint)(now-answertime));
- strcat(str,tmp);
- strcat(str,"\r\n");
+ SAFECAT(str,tmp);
+ SAFECAT(str,"\r\n");
logline("@-",str);
sys_status&=~SS_USERON;
answertime=now; // Incase we're relogging on
diff --git a/src/sbbs3/mail.cpp b/src/sbbs3/mail.cpp
index 1e82aa860da7026110b7f724af07de857555f441..59f4f465070a220e54c385888ed3d9f6f853bd68 100644
--- a/src/sbbs3/mail.cpp
+++ b/src/sbbs3/mail.cpp
@@ -72,6 +72,7 @@ int sbbs_t::delmail(uint usernumber, int which)
}
smb_rewind(smb.sid_fp);
for(l=0;l<smb.status.total_msgs;) {
+ memset(&msg, 0, sizeof(msg));
if(smb_fread(&smb,&msg.idx,sizeof(idxrec_t),smb.sid_fp)!=sizeof(idxrec_t))
break;
if(!(msg.idx.attr&MSG_PERMANENT)
diff --git a/src/sbbs3/mailsrvr.c b/src/sbbs3/mailsrvr.c
index b5fefd5a289cbacf3bf979eeb5a4ea76bcf37fd2..bd826f15ff33becfaab9f2e8c8a7ab248382a240 100644
--- a/src/sbbs3/mailsrvr.c
+++ b/src/sbbs3/mailsrvr.c
@@ -2208,11 +2208,13 @@ static int chk_received_hdr(SOCKET socket,const char *buf,IN_ADDR *dnsbl_result,
ai.ai_flags = AI_NUMERICHOST|AI_NUMERICSERV|AI_PASSIVE;
if(getaddrinfo(p, NULL, &ai, &res)!=0)
break;
- if(res->ai_family == AF_INET6)
+ if(res->ai_family == AF_INET6) {
memcpy(&addr, res->ai_addr, res->ai_addrlen);
- else
+ freeaddrinfo(res);
+ } else {
+ freeaddrinfo(res);
break;
- freeaddrinfo(res);
+ }
}
else {
strncpy(ip,p,16);
diff --git a/src/sbbs3/main.cpp b/src/sbbs3/main.cpp
index 13579c8308f266f648afaa126574149572cfa2ca..472211f6bdf53f8c801af98848976b996769cc2e 100644
--- a/src/sbbs3/main.cpp
+++ b/src/sbbs3/main.cpp
@@ -726,8 +726,10 @@ js_log(JSContext *cx, uintN argc, jsval *arglist)
}
for(; i<argc; i++) {
- if((str=JS_ValueToString(cx, argv[i]))==NULL)
+ if((str=JS_ValueToString(cx, argv[i]))==NULL) {
+ FREE_AND_NULL(line);
return(JS_FALSE);
+ }
JSSTRING_TO_RASTRING(cx, str, line, &line_sz, NULL);
if(line==NULL)
return(JS_FALSE);
@@ -740,7 +742,8 @@ js_log(JSContext *cx, uintN argc, jsval *arglist)
lprintf(level,"Node %d %s", sbbs->cfg.node_num, line);
JS_RESUMEREQUEST(cx, rc);
}
- free(line);
+ if(line != NULL)
+ free(line);
if(str==NULL)
JS_SET_RVAL(cx, arglist, JSVAL_VOID);
@@ -844,6 +847,7 @@ js_write(JSContext *cx, uintN argc, jsval *arglist)
sbbs->bputs(cstr);
JS_RESUMEREQUEST(cx, rc);
}
+ FREE_AND_NULL(cstr);
if(str==NULL)
JS_SET_RVAL(cx, arglist, JSVAL_VOID);
@@ -876,6 +880,8 @@ js_write_raw(JSContext *cx, uintN argc, jsval *arglist)
sbbs->putcom(str, len);
JS_RESUMEREQUEST(cx, rc);
}
+ if (str != NULL)
+ free(str);
return(JS_TRUE);
}
diff --git a/src/sbbs3/netmail.cpp b/src/sbbs3/netmail.cpp
index c754c8166428f0d1e1cf359cbc374efb4e2ca2c3..f32b6022fcaade23f0fccfa3231705523b486392 100644
--- a/src/sbbs3/netmail.cpp
+++ b/src/sbbs3/netmail.cpp
@@ -8,7 +8,7 @@
* @format.tab-size 4 (Plain Text/Source Code File Header) *
* @format.use-tabs true (see http://www.synchro.net/ptsc_hdr.html) *
* *
- * Copyright 2015 Rob Swindell - http://www.synchro.net/copyright.html *
+ * Copyright Rob Swindell - http://www.synchro.net/copyright.html *
* *
* This program is free software; you can redistribute it and/or *
* modify it under the terms of the GNU General Public License *
@@ -118,7 +118,7 @@ bool sbbs_t::inetmail(const char *into, const char *subj, long mode)
for(x=0;x<cfg.total_prots;x++)
if(cfg.prot[x]->ulcmd[0] && chk_ar(cfg.prot[x]->ar,&useron,&client)) {
sprintf(tmp,"%c",cfg.prot[x]->mnemonic);
- strcat(str,tmp);
+ SAFECAT(str,tmp);
}
ch=(char)getkeys(str,0);
if(ch==text[YNQP][2] || sys_status&SS_ABORT) {
diff --git a/src/sbbs3/prntfile.cpp b/src/sbbs3/prntfile.cpp
index 124ee5ec5c28ed8b1095a0c3a10d4a389e2e2fdb..9b7830f03cbf51e0fcd826bcb0724bb447a15923 100644
--- a/src/sbbs3/prntfile.cpp
+++ b/src/sbbs3/prntfile.cpp
@@ -90,12 +90,12 @@ void sbbs_t::printfile(char *str, long mode)
length=(long)filelength(file);
if(length<0) {
- close(file);
+ fclose(stream);
errormsg(WHERE,ERR_CHK,str,length);
return;
}
if((buf=(char*)malloc(length+1L))==NULL) {
- close(file);
+ fclose(stream);
errormsg(WHERE,ERR_ALLOC,str,length+1L);
return;
}
diff --git a/src/sbbs3/qwktomsg.cpp b/src/sbbs3/qwktomsg.cpp
index 338a9119417b142192f8a1e5c9b59154fd9e418c..84fa6e80232fe9bdd0860c58d91cac044a6e2bf4 100644
--- a/src/sbbs3/qwktomsg.cpp
+++ b/src/sbbs3/qwktomsg.cpp
@@ -278,6 +278,7 @@ bool sbbs_t::qwk_import_msg(FILE *qwk_fp, char *hdrblk, ulong blocks
if(fread(qwkbuf,QWK_BLOCK_LEN,blocks-1,qwk_fp) != blocks-1) {
free(qwkbuf);
errormsg(WHERE,ERR_READ,"QWK msg blocks",(blocks-1)*QWK_BLOCK_LEN);
+ return false;
}
bodylen=0;
diff --git a/src/sbbs3/rechocfg.c b/src/sbbs3/rechocfg.c
index 53945bdf84f099c8b19faf6f7c8251b1f2b2e124..cc1c52f22b4f1c2029914b0d8a18e962cf57a4c8 100644
--- a/src/sbbs3/rechocfg.c
+++ b/src/sbbs3/rechocfg.c
@@ -307,8 +307,10 @@ bool sbbsecho_read_ini(sbbsecho_cfg_t* cfg)
/******************/
str_list_t archivelist = iniGetSectionList(ini, "archive:");
cfg->arcdefs = strListCount(archivelist);
- if((cfg->arcdef = realloc(cfg->arcdef, sizeof(arcdef_t)*cfg->arcdefs)) == NULL)
+ if((cfg->arcdef = realloc(cfg->arcdef, sizeof(arcdef_t)*cfg->arcdefs)) == NULL) {
+ strListFree(&archivelist);
return false;
+ }
cfg->arcdefs = 0;
char* archive;
while((archive=strListRemove(&archivelist, 0)) != NULL) {
@@ -327,8 +329,10 @@ bool sbbsecho_read_ini(sbbsecho_cfg_t* cfg)
/****************/
str_list_t nodelist = iniGetSectionList(ini, "node:");
cfg->nodecfgs = strListCount(nodelist);
- if((cfg->nodecfg = realloc(cfg->nodecfg, sizeof(nodecfg_t)*cfg->nodecfgs)) == NULL)
+ if((cfg->nodecfg = realloc(cfg->nodecfg, sizeof(nodecfg_t)*cfg->nodecfgs)) == NULL) {
+ strListFree(&nodelist);
return false;
+ }
cfg->nodecfgs = 0;
char* node;
while((node=strListRemove(&nodelist, 0)) != NULL) {
@@ -383,8 +387,10 @@ bool sbbsecho_read_ini(sbbsecho_cfg_t* cfg)
/**************/
str_list_t echolists = iniGetSectionList(ini, "echolist:");
cfg->listcfgs = strListCount(echolists);
- if((cfg->listcfg = realloc(cfg->listcfg, sizeof(echolist_t)*cfg->listcfgs)) == NULL)
+ if((cfg->listcfg = realloc(cfg->listcfg, sizeof(echolist_t)*cfg->listcfgs)) == NULL) {
+ strListFree(&echolists);
return false;
+ }
cfg->listcfgs = 0;
char* echolist;
while((echolist=strListRemove(&echolists, 0)) != NULL) {
diff --git a/src/sbbs3/sbbsecho.c b/src/sbbs3/sbbsecho.c
index 6345e082020e61e93cfac007219b544a92694e7f..ea2f0e92ecd09efdd13c9a7ac3ff65270b576c5d 100644
--- a/src/sbbs3/sbbsecho.c
+++ b/src/sbbs3/sbbsecho.c
@@ -5941,7 +5941,8 @@ int main(int argc, char **argv)
cmdline[0]=0;
for(i=1;i<argc;i++) {
- sprintf(cmdline+strlen(cmdline), "%s ", argv[i]);
+ SAFECAT(cmdline, argv[i]);
+ SAFECAT(cmdline, " ");
if(argv[i][0]=='-'
#if !defined(__unix__)
|| argv[i][0]=='/'
diff --git a/src/sbbs3/scfgsave.c b/src/sbbs3/scfgsave.c
index 7868a441dd4fa8244ef2bd9f3d0ddb31b602b0ba..ced7977f8f58092875cde74860006c93924aed65 100644
--- a/src/sbbs3/scfgsave.c
+++ b/src/sbbs3/scfgsave.c
@@ -660,6 +660,7 @@ BOOL DLLCALL write_file_cfg(scfg_t* cfg, int backup_level)
put_int(cfg->cdt_up_pct,stream);
put_int(cfg->cdt_dn_pct,stream);
put_int(l,stream); /* unused */
+ memset(cmd, 0, sizeof(cmd));
put_str(cmd,stream);
put_int(cfg->leech_pct,stream);
put_int(cfg->leech_sec,stream);
diff --git a/src/sbbs3/services.c b/src/sbbs3/services.c
index 763e2c65172c5b021090672255ff74b906b504ba..9cfec055f916d39b72fec07bfb9116ba7baa0b94 100644
--- a/src/sbbs3/services.c
+++ b/src/sbbs3/services.c
@@ -1577,6 +1577,7 @@ static service_t* read_services_ini(const char* services_ini, service_t* service
fclose(fp);
lprintf(LOG_CRIT,"!MALLOC FAILURE");
free(default_interfaces);
+ iniFreeStringList(sec_list);
return(service);
}
service=np;
diff --git a/src/sbbs3/str.cpp b/src/sbbs3/str.cpp
index f37020131c352a62449d2cc6de15164d40b3968b..5dde5a9ac3409739319271d48be2d7b61c713fc2 100644
--- a/src/sbbs3/str.cpp
+++ b/src/sbbs3/str.cpp
@@ -159,6 +159,7 @@ void sbbs_t::sif(char *fname, char *answers, long len)
}
if(lread(file,buf,length)!=length) {
close(file);
+ free(buf);
errormsg(WHERE,ERR_READ,str,length);
answers[0]=0;
return;
@@ -328,6 +329,7 @@ void sbbs_t::sof(char *fname, char *answers, long len)
close(file);
errormsg(WHERE,ERR_READ,str,length);
answers[0]=0;
+ free(buf);
return;
}
close(file);
diff --git a/src/sbbs3/telgate.cpp b/src/sbbs3/telgate.cpp
index a7582b081e35ae2f9cfe1929c80c3699acde309a..4ce53c49521d9cf065baab049827a3f67f165544 100644
--- a/src/sbbs3/telgate.cpp
+++ b/src/sbbs3/telgate.cpp
@@ -150,7 +150,7 @@ void sbbs_t::telnet_gate(char* destaddr, ulong mode, char* client_user_name, cha
while(online) {
if(!(mode&TG_NOCHKTIME))
gettimeleft();
- rd=RingBufRead(&inbuf,buf,sizeof(buf));
+ rd=RingBufRead(&inbuf,buf,sizeof(buf)-1);
if(rd) {
#if 0
if(memchr(buf,TELNET_IAC,rd)) {
diff --git a/src/sbbs3/tmp_xfer.cpp b/src/sbbs3/tmp_xfer.cpp
index 6da3d30f695bbd2d43afb7e81159e0ead21e3fc0..71a1ba1dd1242f0f301ca29c3dbca8f3dde569d6 100644
--- a/src/sbbs3/tmp_xfer.cpp
+++ b/src/sbbs3/tmp_xfer.cpp
@@ -8,7 +8,7 @@
* @format.tab-size 4 (Plain Text/Source Code File Header) *
* @format.use-tabs true (see http://www.synchro.net/ptsc_hdr.html) *
* *
- * Copyright 2011 Rob Swindell - http://www.synchro.net/copyright.html *
+ * Copyright Rob Swindell - http://www.synchro.net/copyright.html *
* *
* This program is free software; you can redistribute it and/or *
* modify it under the terms of the GNU General Public License *
@@ -171,7 +171,7 @@ void sbbs_t::temp_xfer()
for(i=0;i<cfg.total_prots;i++)
if(cfg.prot[i]->dlcmd[0] && chk_ar(cfg.prot[i]->ar,&useron,&client)) {
sprintf(tmp,"%c",cfg.prot[i]->mnemonic);
- strcat(tmp2,tmp);
+ SAFECAT(tmp2,tmp);
}
ungetkey(useron.prot);
ch=(char)getkeys(tmp2,0);
diff --git a/src/sbbs3/userdat.c b/src/sbbs3/userdat.c
index 6ec1565f2fc93ac2a3a7afa6ba34fce66724b5ec..2e9a39f6f812235dbf38212e206db3c4e1cd70b9 100644
--- a/src/sbbs3/userdat.c
+++ b/src/sbbs3/userdat.c
@@ -2039,8 +2039,13 @@ int DLLCALL putuserrec(scfg_t* cfg, int usernumber,int start, uint length, const
return(-4);
}
- if(length==0) /* auto-length */
+ if(length==0) { /* auto-length */
length=user_rec_len(start);
+ if((long)length < 0) {
+ close(file);
+ return -2;
+ }
+ }
strcpy(str2,str);
if(strlen(str2)<length) {
@@ -2058,8 +2063,10 @@ int DLLCALL putuserrec(scfg_t* cfg, int usernumber,int start, uint length, const
i++;
}
- if(i>=LOOP_NODEDAB)
+ if(i>=LOOP_NODEDAB) {
+ close(file);
return(-3);
+ }
write(file,str2,length);
unlock(file,(long)((long)(usernumber-1)*U_LEN)+start,length);
diff --git a/src/sbbs3/websrvr.c b/src/sbbs3/websrvr.c
index 70f27ef5a7922e0c58491953bfc9d8ad04445e0a..ba9a95c1b1d7947207eb3e1f81935413515dcf10 100644
--- a/src/sbbs3/websrvr.c
+++ b/src/sbbs3/websrvr.c
@@ -1407,6 +1407,7 @@ static int sock_sendfile(http_session_t *session,char *path,unsigned long start,
if(start || end) {
if(lseek(file, start, SEEK_SET)==-1) {
lprintf(LOG_WARNING,"%04d !ERROR %d seeking to position %lu in %s",session->socket,ERROR_VALUE,start,path);
+ close(file);
return(0);
}
remain=end-start+1;
@@ -1417,6 +1418,7 @@ static int sock_sendfile(http_session_t *session,char *path,unsigned long start,
while((i=read(file, buf, remain>sizeof(buf)?sizeof(buf):remain))>0) {
if(writebuf(session,buf,i)!=i) {
lprintf(LOG_WARNING,"%04d !ERROR sending %s",session->socket,path);
+ close(file);
return(0);
}
ret+=i;
@@ -2328,6 +2330,7 @@ static void js_add_header(http_session_t * session, char *key, char *value)
return;
strlwr(lckey);
if((js_str=JS_NewStringCopyZ(session->js_cx, value))==NULL) {
+ free(lckey);
return;
}
JS_DefineProperty(session->js_cx, session->js_header, lckey, STRING_TO_JSVAL(js_str)
@@ -3710,6 +3713,7 @@ static SOCKET fastcgi_connect(const char *orig_path, SOCKET client_sock)
// TODO: UNIX-domain sockets...
if (strncmp(path, "unix:", 5) == 0) {
lprintf(LOG_ERR, "%04d UNIX-domain FastCGI sockets not supported (yet)", client_sock);
+ free(path);
return INVALID_SOCKET;
}
@@ -3720,6 +3724,7 @@ static SOCKET fastcgi_connect(const char *orig_path, SOCKET client_sock)
result = getaddrinfo(path, port, &hints, &res);
if(result != 0) {
lprintf(LOG_ERR, "%04d ERROR resolving FastCGI address %s port %s", client_sock, path, port);
+ free(path);
return INVALID_SOCKET;
}
for(cur=res,result=1; result && cur; cur=cur->ai_next) {
@@ -3750,11 +3755,13 @@ static SOCKET fastcgi_connect(const char *orig_path, SOCKET client_sock)
freeaddrinfo(res);
if(sock == INVALID_SOCKET) {
lprintf(LOG_ERR, "%04d ERROR unable to make FastCGI connection to %s", client_sock, orig_path);
+ free(path);
return sock;
}
val = 0;
ioctlsocket(sock,FIONBIO,&val);
+ free(path);
return sock;
}
@@ -3841,6 +3848,7 @@ static BOOL fastcgi_send_params(SOCKET sock, http_session_t *session)
for(i=0; env[i]; i++) {
if (!fastcgi_add_param(&msg, &end, &size, env[i])) {
free(msg);
+ strListFree(&env);
return FALSE;
}
if (end > 32000) {
@@ -3848,11 +3856,13 @@ static BOOL fastcgi_send_params(SOCKET sock, http_session_t *session)
if (sendsocket(sock, (void *)msg, sizeof(struct fastcgi_header) + end) != (sizeof(struct fastcgi_header) + end)) {
lprintf(LOG_ERR, "%04d ERROR sending FastCGI params", session->socket);
free(msg);
+ strListFree(&env);
return FALSE;
}
end = 0;
}
}
+ strListFree(&env);
if (end) {
msg->head.len = htons(end);
if (sendsocket(sock, (void *)msg, sizeof(struct fastcgi_header) + end) != (sizeof(struct fastcgi_header) + end)) {
@@ -5152,7 +5162,7 @@ js_set_cookie(JSContext *cx, uintN argc, jsval *arglist)
if(!p)
return(JS_FALSE);
header+=sprintf(header,"%s",p);
- free(p);
+ FREE_AND_NULL(p);
if(argc>2) {
if(!JS_ValueToInt32(cx,argv[2],&i))
return JS_FALSE;
@@ -5164,15 +5174,15 @@ js_set_cookie(JSContext *cx, uintN argc, jsval *arglist)
JSVALUE_TO_MSTRING(cx, argv[3], p, NULL);
if(p!=NULL && *p) {
header += sprintf(header,"; domain=%s",p);
- free(p);
}
+ FREE_AND_NULL(p);
}
if(argc>4) {
JSVALUE_TO_MSTRING(cx, argv[4], p, NULL);
if(p!=NULL && *p) {
header += sprintf(header,"; path=%s",p);
- free(p);
}
+ FREE_AND_NULL(p);
}
if(argc>5) {
JS_ValueToBoolean(cx, argv[5], &b);
diff --git a/src/sbbs3/writemsg.cpp b/src/sbbs3/writemsg.cpp
index c757b7e22b6d47cfb08b2e94bf7292a0f627abed..90bbce1f3197bd89634143b0e3f6c413f79d6517 100644
--- a/src/sbbs3/writemsg.cpp
+++ b/src/sbbs3/writemsg.cpp
@@ -174,8 +174,10 @@ int sbbs_t::process_edited_file(const char* src, const char* dest, long mode, un
if((buf=(char*)malloc(len+1))==NULL)
return -2;
- if((fp=fopen(src,"rb"))==NULL)
+ if((fp=fopen(src,"rb"))==NULL) {
+ free(buf);
return -3;
+ }
memset(buf,0,len+1);
fread(buf,len,sizeof(char),fp);
@@ -220,10 +222,10 @@ bool sbbs_t::writemsg(const char *fname, const char *top, char *subj, long mode,
if(editor!=NULL)
*editor=NULL;
- if((buf=(char*)malloc(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN))
+ if((buf=(char*)malloc((cfg.level_linespermsg[useron_level]*MAX_LINE_LEN) + 1))
==NULL) {
errormsg(WHERE,ERR_ALLOC,fname
- ,cfg.level_linespermsg[useron_level]*MAX_LINE_LEN);
+ ,(cfg.level_linespermsg[useron_level]*MAX_LINE_LEN) +1);
return(false);
}
diff --git a/src/sbbs3/xtrn.cpp b/src/sbbs3/xtrn.cpp
index 18b0f40bff5b69d6c3e14a5621d8f2bbf4bd6abb..efb7d80d6a9a6176bbf0a67d03bd753e57f39aef 100644
--- a/src/sbbs3/xtrn.cpp
+++ b/src/sbbs3/xtrn.cpp
@@ -2065,7 +2065,7 @@ char* sbbs_t::cmdstr(const char *instr, const char *fpath, const char *fspec, ch
else
cmd=outstr;
len=strlen(instr);
- for(i=j=0;i<len && j<(int)sizeof(cmdstr_output);i++) {
+ for(i=j=0; i<len && j < (int)sizeof(cmdstr_output)-1; i++) {
if(instr[i]=='%') {
i++;
cmd[j]=0;
@@ -2229,7 +2229,7 @@ char* DLLCALL cmdstr(scfg_t* cfg, user_t* user, const char* instr, const char* f
if(cmd==NULL) cmd=buf;
len=strlen(instr);
- for(i=j=0;i<len && j<MAX_PATH;i++) {
+ for(i=j=0; i<len && j < sizeof(buf)-1; i++) {
if(instr[i]=='%') {
i++;
cmd[j]=0;
diff --git a/src/sbbs3/xtrn_sec.cpp b/src/sbbs3/xtrn_sec.cpp
index a4a91a666dff94cce0b18cd1c2546b35353ac4a7..726201dda5a9ca565ff85d33b497c32b060dc7fa 100644
--- a/src/sbbs3/xtrn_sec.cpp
+++ b/src/sbbs3/xtrn_sec.cpp
@@ -275,7 +275,7 @@ static void lfexpand(char *str, ulong misc)
if(misc&XTRN_NATIVE)
return;
- for(p=str;*p && len < sizeof(newstr)-1;p++) {
+ for(p=str;*p && len < sizeof(newstr)-2;p++) {
if(*p=='\n')
newstr[len++]='\r';
newstr[len++]=*p;
@@ -403,7 +403,7 @@ void sbbs_t::xtrndat(const char *name, const char *dropdir, uchar type, ulong tl
strcpy(str,cfg.xtrn[i]->name);
else
str[0]=0; /* Blank if no access */
- strcat(str,"\n");
+ SAFECAT(str,"\n");
lfexpand(str,misc);
write(file,str,strlen(str));
}
@@ -794,6 +794,7 @@ void sbbs_t::xtrndat(const char *name, const char *dropdir, uchar type, ulong tl
write(file,&logontime,sizeof(logontime)); /* LoginSec */
write(file,&useron.cdt,sizeof(useron.cdt)); /* Credit */
write(file,&useron.number,sizeof(useron.number)); /* UserRecNum */
+ i=0;
write(file,&i,2); /* ReadThru */
write(file,&i,2); /* PageTimes */
write(file,&i,2); /* DownLimit */
@@ -1076,9 +1077,14 @@ void sbbs_t::xtrndat(const char *name, const char *dropdir, uchar type, ulong tl
write(file,name,26); /* Name */
sprintf(str,"%.24s",useron.location);
write(file,str,25); /* Location */
- write(file,useron.pass,13); /* Password */
- write(file,useron.phone,14); /* Business or Data Phone */
- write(file,useron.phone,14); /* Home or Voice Phone */
+ write(file,useron.pass, 9); /* Password */
+ l=0;
+ write(file, &l, 4); /* more password bytes */
+ c=0;
+ write(file,useron.phone, 13); /* Business or Data Phone */
+ write(file, &c, 1); /* more phone number bytes */
+ write(file,useron.phone, 13); /* Home or Voice Phone */
+ write(file, &c, 1); /* more phone number bytes */
i=unixtojulian(useron.laston);
write(file,&i,2); /* Date last on */
localtime32(&useron.laston,&tm);
@@ -1467,8 +1473,8 @@ void sbbs_t::moduserdat(uint xtrnnum)
ultoac(mod>0L ? mod : -mod,tmp); /* put commas in the # */
strcpy(str,"Credit Adjustment: ");
if(mod<0L)
- strcat(str,"-"); /* negative, put '-' */
- strcat(str,tmp);
+ SAFECAT(str,"-"); /* negative, put '-' */
+ SAFECAT(str,tmp);
if(mod>0L)
strcpy(tmp,"$+");
else
@@ -1670,7 +1676,7 @@ bool sbbs_t::exec_xtrn(uint xtrnnum)
}
if(cfg.xtrn[xtrnnum]->misc&XTRN_LWRCASE)
strlwr(name);
- strcat(path,name);
+ SAFECAT(path,name);
if(action!=NODE_PCHT) {
getnodedat(cfg.node_num,&thisnode,1);
thisnode.action=NODE_XTRN;
diff --git a/src/sbbs3/zmodem.c b/src/sbbs3/zmodem.c
index e2626e44089a2a1a8c6a0fedd3b789998d2156ee..34a9fffd445cdb990b541efd0ae2b40bcb218b2e 100644
--- a/src/sbbs3/zmodem.c
+++ b/src/sbbs3/zmodem.c
@@ -2014,6 +2014,7 @@ int zmodem_recv_files(zmodem_t* zm, const char* download_dir, uint64_t* bytes_re
}
start_bytes=filelength(fileno(fp));
if(start_bytes < 0) {
+ fclose(fp);
lprintf(zm,LOG_ERR,"Invalid file length %"PRId64": %s", start_bytes, fpath);
break;
}