- Feb 19, 2021
-
-
Rob Swindell authored
If the destination point node is not a linked node (does not exist in sbbsecho.ini), but the boss node is linked, automatically route to the boss node. The log entries look like this when this happens: "Routing packet (%s) to boss-node %s" "Routing NetMail (%s) to boss-node %s" For poindexter FORTRAN (REALITY) - test results appreciated. Incremented SBBSecho version to 3.13.
-
Rob Swindell authored
Previously, any DNS blacklist-exempt email addresses (in ctrl/dnsbl_exempt.cfg) had to be used in the mail-envelope (the "MAIL FROM:" address) - that doesn't work for all senders that use re-mailers or whatever where you end up with some *bounce* address as the envelope-sender. So now, clear the DNSBL results when the From header field is parsed and the sender was in fact an exempt sender. Note: the Subject line will still contain the SPAM tag if the subject was parsed first (came earlier in the message header). May need to address this limitation in the future if it turns out to be a problem (!). Lowercase the [smtp|smtps]spy.txt log file.
-
- Feb 18, 2021
-
-
Deucе authored
protected_*_adjust() only adjusts now.
-
Rob Swindell authored
Deal with the resulting warnings (using (void)). Deal with the incorrect integer to protected_int* assignment in services.c (just don't support server.clients property reading in service scripts). Also, the strcpy()->SAFECOPY() change in ftpsrvr.c was wrong, caught by GCC warning - oops.
-
Deucе authored
-
Deucе authored
-
Deucе authored
-
Deucе authored
Also, fix things that incorrectly reach into the protected_*_t to incorrectly access values.
-
Rob Swindell authored
This reverts commit ced63e12. Didn't work for .cpp files: stdatomic.h:40:9: error: ‘_Atomic’ does not name a type typedef _Atomic _Bool atomic_bool
-
Rob Swindell authored
-
Deucе authored
-
Rob Swindell authored
-
- Feb 17, 2021
-
-
Deucе authored
Previously, 403 was only returned if they existed, and 404 if they didn't.
-
Deucе authored
No need to get time() here since it's never checked. Resolves CID 174292
-
Deucе authored
Have free_paragraphs() explicitly allow paragraphs to be NULL and have everything use the fail_return which now free()s ret.
-
Deucе authored
-
Deucе authored
Previously, more than 999 arguments would overrun a buffer and break things. Fixes CID 33313
-
- Feb 16, 2021
-
-
Rob Swindell authored
Are you tired of getting TLS-related error log messages that you can't do anything about? e.g. web 0139 TLS ERROR 'Received TLS alert message: Unexpected message' (-15) setting session active The new sbbs.ini [web] TLSErrorLevel option (defaults to 0 / "Emergency") allows the sysop to set a cap (maximum severity) on TLS-related log messages in the web server (e.g. TLSErrorLevel=Warning).
-
Deucе authored
-
Deucе authored
x points to the terminating NUL in x64. free()ing it would do wild and crazy things depending on how paranoid the free() implementation is. free(x64) instead... at least Coverity was happy though!
-
Rob Swindell authored
The socket set allocated by xpms_create() was never freed. Found by Coverity.
-
Rob Swindell authored
Deuce said to just delete it. <shrug>
-
Deucе authored
-
Rob Swindell authored
-
Rob Swindell authored
-
Rob Swindell authored
-
- Feb 15, 2021
-
-
Rob Swindell authored
The Synchronet FTP server has (since 2001) disallowed PORT/EPRT/LPRT commands with a "reserved" port number (i.e. < 1024) as recommended by RFC2577 and when attempted, would log a "SUSPECTED FTP BOUNCE HACK ATTEMPT" in the data/hack.log file. However, as Karloch (HISPAMSX) pointed out recently, an FTP Bounce Attack to other TCP ports was still possible (and detected/reported by some security scans as a potential vulnerability). So, reject all PORT/EPRT/LPRT commands that specify an IP address other than that used for the control TCP connection unless the sysop specifically enables the new "ALLOW_BOUNCE" option flag (in the [ftp] section of sbbs.ini) and the user is an authenticated non-guest/anonymous user. And as before, log the attempt as a suspected hack attempt. This change also removes the "Directory File Access" checkbox from the Synchronet Control Panel for Windows as that feature is "going away" soon (or at least, it won't be an FTP-specific option/feature if it remains).
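Added example (not Synchronet's code, and not part of the commit message above): a C sketch of the PORT check this commit describes, narrowed to the IPv4 `PORT` form. The names `check_port_cmd`, `parse_port_arg` and `CTRL_IP` are hypothetical, and keeping the reserved-port rule unconditional is an assumption, since the commit message does not say whether ALLOW_BOUNCE relaxes it.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CTRL_IP 0xC000020Au /* 192.0.2.10: constructed control-connection peer */

enum port_verdict { PORT_OK, PORT_MALFORMED, PORT_RESERVED, PORT_FOREIGN_ADDR };

/* Parse the RFC 959 PORT argument "h1,h2,h3,h4,p1,p2" (CRLF already stripped)
 * into a host-order address and port; reject extra text or octets above 255. */
static bool parse_port_arg(const char *arg, uint32_t *ip, uint16_t *port)
{
    unsigned v[6];
    char extra;
    if (sscanf(arg, "%u,%u,%u,%u,%u,%u%c", &v[0], &v[1], &v[2], &v[3], &v[4], &v[5], &extra) != 6)
        return false;
    for (int i = 0; i < 6; i++)
        if (v[i] > 255)
            return false;
    *ip = (v[0] << 24) | (v[1] << 16) | (v[2] << 8) | v[3];
    *port = (uint16_t)((v[4] << 8) | v[5]);
    return true;
}

/* ctrl_ip is the peer address of the control connection (host order).
 * allow_bounce models the ALLOW_BOUNCE option; is_guest models a guest or
 * anonymous login. Any verdict other than PORT_OK should be refused and logged. */
enum port_verdict check_port_cmd(const char *arg, uint32_t ctrl_ip, bool allow_bounce, bool is_guest)
{
    uint32_t ip;
    uint16_t port;
    if (!parse_port_arg(arg, &ip, &port))
        return PORT_MALFORMED;
    if (port < 1024)
        return PORT_RESERVED;     /* the older RFC 2577 rule (assumed unconditional) */
    if (ip != ctrl_ip && !(allow_bounce && !is_guest))
        return PORT_FOREIGN_ADDR; /* data connection to a third party */
    return PORT_OK;
}

int main(void)
{
    const char *samples[] = { "192,0,2,10,195,80", "192,0,2,10,0,21", "198,51,100,7,31,144" }; /* constructed */
    for (int i = 0; i < 3; i++)
        printf("%-20s -> %d\n", samples[i], check_port_cmd(samples[i], CTRL_IP, false, false));
    return 0;
}
```
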
-
Rob Swindell authored
Reverted the SAFECOPY() NULL source-pointer magic "(null)" string thing as that caused a different Coverity issue. Explicitly check for NULL at the call-sites instead.
-
Rob Swindell authored
Make Coverity happy.
-
Rob Swindell authored
-
Rob Swindell authored
-
Rob Swindell authored
-
Rob Swindell authored
-
Rob Swindell authored
Hopefully not introducing any bugs in the process.
-
Rob Swindell authored
The new subject line parsing (with quoted-filename support) had a NULL-pointer deref built-in. Also fixed a few Coverity-reported issues.
-
Rob Swindell authored
-