From f9526b5537b14139de14cf7e3c383c608cfee8cc Mon Sep 17 00:00:00 2001
From: rswindell <>
Date: Mon, 14 Aug 2017 10:03:00 +0000
Subject: [PATCH] Added bounds-check in qwk_route(). Fix multi-choice poll
 import (from QWKnet) bug: MaxVotes was used for polls in (not "votes) in
 VOTING.DAT file. Oops.

---
 src/sbbs3/qwk.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/sbbs3/qwk.cpp b/src/sbbs3/qwk.cpp
index d91a1c6839..007e512955 100644
--- a/src/sbbs3/qwk.cpp
+++ b/src/sbbs3/qwk.cpp
@@ -139,6 +139,9 @@ extern "C" int DLLCALL qwk_route(scfg_t* cfg, const char *inaddr, char *fulladdr
 	p=strchr(node,' ');
 	if(p) *p=0;
 
+	if(strlen(node) > LEN_QWKID)
+		return 0;
+
 	SAFEPRINTF(path,"%sqnet/route.dat",cfg->data_dir);
 	if((stream=fnopen(&file,path,O_RDONLY))==NULL)
 		return(0);
@@ -1142,8 +1145,8 @@ bool sbbs_t::qwk_vote(str_list_t ini, const char* section, smb_net_type_t net_ty
 	if(strnicmp(section, "poll:", 5) == 0) {
 
 		smb_hfield_str(&msg, RFC822MSGID, section + 5);
-		msg.hdr.votes = iniGetShortInt(ini, section, "votes", 0);
-		ulong results = iniGetLongInt(ini, section, "results", 0);
+		msg.hdr.votes = iniGetShortInt(ini, section, "MaxVotes", 0);
+		ulong results = iniGetLongInt(ini, section, "Results", 0);
 		msg.hdr.auxattr = (results << POLL_RESULTS_SHIFT) & POLL_RESULTS_MASK;
 		for(int i=0;;i++) {
 			char str[128];
-- 
GitLab