src/sbbs3/chksmb.c

@@ -236,6 +236,7 @@ int main(int argc, char **argv)
 			continue;
 		}
 
+	ZERO_VAR(smb);
 	SAFECOPY(smb.file,argv[x]);
 	p=strrchr(smb.file,'.');
 	s=strrchr(smb.file,'\\');

src/sbbs3/filedat.c

@@ -1302,7 +1302,7 @@ char* cmdstr(scfg_t* cfg, user_t* user, const char* instr, const char* fpath
 /****************************************************************************/
 bool safest_filename(const char* fname)
 {
-	return strspn(fname, SAFEST_FILENAME_CHARS) == strlen(fname);
+	return (fname != NULL) && (strspn(fname, SAFEST_FILENAME_CHARS) == strlen(fname));
 }
 
 /****************************************************************************/
@@ -1310,6 +1310,9 @@ bool safest_filename(const char* fname)
 /****************************************************************************/
 bool illegal_filename(const char *fname)
 {
+	if(fname == NULL)
+		return false;
+
 	size_t len = strlen(fname);
 
 	if(len < 1)
@@ -1342,6 +1345,9 @@ bool illegal_filename(const char *fname)
 /****************************************************************************/
 bool allowed_filename(scfg_t* cfg, const char *fname)
 {
+	if(fname == NULL)
+		return false;
+
 	size_t len = strlen(fname);
 	if(len < 1 || len > cfg->filename_maxlen)
 		return false;

src/sbbs3/fmsgdump.c

@@ -85,7 +85,7 @@ int msgdump(FILE* fp, const char* fname)
 	if(hdr.subj[sizeof(hdr.subj)-1] != 0)
 		fprintf(stderr,"%s Unterminated 'subj' field\n", fname);
 	if(hdr.time[sizeof(hdr.time)-1] != 0)
-		fprintf(stderr,"%s Untermianted 'time' field\n", fname);
+		fprintf(stderr,"%s Unterminated 'time' field\n", fname);
 
 
 	printf("Subj: %.*s\n", (int)sizeof(hdr.subj)-1, hdr.subj);
@@ -103,16 +103,17 @@ int msgdump(FILE* fp, const char* fname)
 		return(__COUNTER__);
 	}
 
-	char* body = calloc((end - sizeof(hdr)) + 1, 1);
+	long len = end - sizeof(hdr);
+	char* body = calloc(len + 1, 1);
 	if(body == NULL) {
 		fprintf(stderr, "!MALLOC failure\n");
 		return __COUNTER__;
 	}
 	fseek(fp, sizeof(hdr), SEEK_SET);
-	fread(body, end - sizeof(hdr), 1, fp);
+	fread(body, len, 1, fp);
 	fprintf(bodyfp, "\n-start of message text-\n");
 	char* p = body;
-	while(*p) {
+	while(*p && p < body + len) {
 		if((p == body || *(p - 1) == '\r') && *p == 1) {
 			fputc('@', ctrlfp);
 			p++;
@@ -132,7 +133,10 @@ int msgdump(FILE* fp, const char* fname)
 			fputc('\n', bodyfp);
 		}
 	}
-	fprintf(bodyfp, "-end of message text-\n");
+	if(p == (body + len) - 1)
+		fprintf(bodyfp, "-end of message text-\n");
+	else
+		fprintf(bodyfp, "-PREMATURE end of message text-\n");
 
 	free(body);
 	printf("\n");

src/sbbs3/js_file.c

@@ -1882,7 +1882,7 @@ js_writebin(JSContext *cx, uintN argc, jsval *arglist)
 		JS_RESUMEREQUEST(cx, rc);
 		return(JS_TRUE);
 	}
-	buffer=malloc(size*count);
+	buffer=calloc(size, count);
 	if(buffer==NULL) {
 		rc=JS_SUSPENDREQUEST(cx);
 		dbprintf(TRUE, p, "malloc failure of %u bytes", size*count);

src/sbbs3/main.cpp

@@ -24,6 +24,7 @@
 #include "telnet.h"
 #include "netwrap.h"
 #include "petdefs.h"
+#include "filedat.h"
 #include "js_rtpool.h"
 #include "js_request.h"
 #include "ssl.h"
@@ -2570,7 +2571,6 @@ static bool is_time_to_run(time_t now, const qhub_t* hub)
 void event_thread(void* arg)
 {
 	char		str[MAX_PATH+1];
-	char		bat_list[MAX_PATH+1];
 	char		semfile[MAX_PATH+1];
 	int			i,j,k;
 	int			file;
@@ -2752,7 +2752,7 @@ void event_thread(void* arg)
 						sbbs->lprintf(LOG_INFO, "Packing completed: %s", str);
 						sbbs->qwk_success(l,0,1);
 						sbbs->putmsgptrs();
-						remove(bat_list);
+						batch_list_clear(&sbbs->cfg, sbbs->useron.number, XFER_BATCH_DOWNLOAD);
 					} else
 						sbbs->lputs(LOG_INFO, "No packet created (no new messages)");
 					sbbs->delfiles(sbbs->cfg.temp_dir,ALLFILES);
@@ -2804,6 +2804,7 @@ void event_thread(void* arg)
 						if(sbbs->pack_qwk(str,&l,true /* pre-pack */)) {
 							sbbs->qwk_success(l,0,1);
 							sbbs->putmsgptrs();
+							batch_list_clear(&sbbs->cfg, sbbs->useron.number, XFER_BATCH_DOWNLOAD);
 						}
 						sbbs->delfiles(sbbs->cfg.temp_dir,ALLFILES);
 						sbbs->console&=~CON_L_ECHO;

src/sbbs3/readmsgs.cpp

@@ -209,6 +209,7 @@ post_t * sbbs_t::loadposts(uint32_t *posts, uint subnum, ulong ptr, long mode, u
 				&& idx.to!=aliascrc && idx.from!=aliascrc
 				&& (useron.number!=1 || idx.to!=sysop))
 				continue;
+			msg.idx=idx;
 			if(!smb_lockmsghdr(&smb,&msg)) {
 				if(!smb_getmsghdr(&smb,&msg)) {
 					if(stricmp(msg.to,useron.alias)

src/sbbs3/sbbsecho.c

@@ -1354,7 +1354,7 @@ void gen_notify_list(nodecfg_t* nodecfg)
 				fprintf(tmpf,"%s",str);
 		}
 
-		if(ftell(tmpf))
+		if(ftell(tmpf) >= 0)
 			file_to_netmail(tmpf,"SBBSecho Notify List",cfg.nodecfg[k].addr, /* To: */cfg.nodecfg[k].name);
 		fclose(tmpf);
 	}
@@ -1772,7 +1772,7 @@ void alter_areas(str_list_t add_area, str_list_t del_area, fidoaddr_t addr, cons
 			}
 	}
 	if (to != NULL) {
-		if (!ftell(nmfile))
+		if (ftell(nmfile) == 0)
 			create_netmail(to,/* msg: */NULL, "Area Management Request", "No changes made."
 				,/* dest: */addr, /* src: */NULL);
 		else
@@ -3590,11 +3590,11 @@ bool getzpt(FILE* stream, fmsghdr_t* hdr)
 {
 	char buf[0x1000];
 	int i,len,cr=0;
-	long pos;
+	off_t pos;
 	fidoaddr_t faddr;
 	bool intl_found = false;
 
-	pos=ftell(stream);
+	pos=ftello(stream);
 	len=fread(buf,1,0x1000,stream);
 	for(i=0;i<len;i++) {
 		if(buf[i]=='\n')	/* ignore line-feeds */
@@ -3626,7 +3626,7 @@ bool getzpt(FILE* stream, fmsghdr_t* hdr)
 		else
 			cr=0;
 	}
-	(void)fseek(stream,pos,SEEK_SET);
+	(void)fseeko(stream,pos,SEEK_SET);
 	return intl_found;
 }
 
@@ -3847,16 +3847,16 @@ size_t terminate_packet(FILE* stream)
 	return fwrite(&terminator, sizeof(terminator), 1, stream);
 }
 
-long find_packet_terminator(FILE* stream)
+off_t find_packet_terminator(FILE* stream)
 {
 	uint16_t	terminator = ~FIDO_PACKET_TERMINATOR;
-	long		offset;
+	off_t		offset;
 
-	if(fseek(stream, 0, SEEK_END) != 0)
+	if(fseeko(stream, 0, SEEK_END) != 0)
 		return 0;
-	offset = ftell(stream);
+	offset = ftello(stream);
 	if(offset >= sizeof(fpkthdr_t)+sizeof(terminator)) {
-		(void)fseek(stream, offset-sizeof(terminator), SEEK_SET);
+		(void)fseeko(stream, offset-sizeof(terminator), SEEK_SET);
 		if(fread(&terminator, 1, sizeof(terminator), stream) == sizeof(terminator)
 			&& terminator==FIDO_PACKET_TERMINATOR)
 			offset -= sizeof(terminator);
@@ -5536,7 +5536,7 @@ void pack_netmail(void)
 			new_pkthdr(&pkthdr, getsysfaddr(addr), addr, nodecfg);
 			(void)fwrite(&pkthdr,sizeof(pkthdr),1,stream);
 		} else
-			(void)fseek(stream,find_packet_terminator(stream),SEEK_SET);
+			(void)fseeko(stream,find_packet_terminator(stream),SEEK_SET);
 
 		lprintf(LOG_DEBUG, "Adding NetMail (%s) to %spacket for %s: %s"
 			,getfname(path)
@@ -5774,7 +5774,7 @@ void import_packets(const char* inbound, nodecfg_t* inbox, bool secure)
 
 			FREE_AND_NULL(fmsgbuf);
 
-			off_t msg_offset = ftell(fidomsg);
+			off_t msg_offset = ftello(fidomsg);
 			/* Read fixed-length header fields */
 			if(fread(&pkdmsg,sizeof(BYTE),sizeof(pkdmsg),fidomsg) != sizeof(pkdmsg))
 				continue;
@@ -5800,9 +5800,16 @@ void import_packets(const char* inbound, nodecfg_t* inbox, bool secure)
 				bad_packet = true;
 				break;
 			}
-			msg_offset = ftell(fidomsg);	// Save offset to msg body
+			msg_offset = ftello(fidomsg);	// Save offset to msg body
 			fmsgbuf = getfmsg(fidomsg, NULL);
-			off_t next_msg = ftell(fidomsg);
+			off_t next_msg = ftello(fidomsg);
+			if(msg_offset < 0 || next_msg < 0) {
+				lprintf(LOG_NOTICE, "Invalid message body offset (%ld, next hdr: %ld) from %s in packet: %s"
+					,(long)msg_offset, (long)next_msg, smb_faddrtoa(&pkt_orig, NULL), packet);
+				printf("Invalid message!\n");
+				bad_packet = true;
+				break;
+			}
 
 			hdr.attr&=~FIDO_LOCAL;	/* Strip local bit, obviously not created locally */
 

src/sbbs3/scfg/scfgnet.c

@@ -922,10 +922,8 @@ void qhub_edit(int num)
 					"This is the QWK System ID of this hub. It is used for incoming and\n"
 					"outgoing network packets and must be accurate.\n"
 				;
-				strcpy(str,cfg.qhub[num]->id);	/* save */
-				if(!uifc.input(WIN_MID|WIN_SAV,0,0,"QWK Network Hub System ID"
-					,cfg.qhub[num]->id,LEN_QWKID,K_UPPER|K_EDIT))
-					strcpy(cfg.qhub[num]->id,str);
+				uifc.input(WIN_MID|WIN_SAV,0,0,"QWK Network Hub System ID"
+					,cfg.qhub[num]->id,LEN_QWKID,K_UPPER|K_EDIT);
 				break;
 			case __COUNTER__:
 				uifc.helpbuf=

src/sbbs3/services.c

@@ -496,7 +496,7 @@ js_logout(JSContext *cx, uintN argc, jsval *arglist)
 	JS_RESUMEREQUEST(cx, rc);
 
 	val = BOOLEAN_TO_JSVAL(JS_FALSE);
-	JS_SetProperty(cx, obj, "logged_in", &val);
+	(void)JS_SetProperty(cx, obj, "logged_in", &val);
 
 	JS_SET_RVAL(cx, arglist,BOOLEAN_TO_JSVAL(JS_TRUE));
 

src/sbbs3/smbutil.c

@@ -502,6 +502,7 @@ void listmsgs(ulong start, ulong count)
 	if(!count)
 		count=~0;
 	while(l<count) {
+		ZERO_VAR(msg);
 		fseek(smb.sid_fp,((start-1L) + l)*idxreclen,SEEK_SET);
 		if(!fread(&msg.idx,sizeof(msg.idx),1,smb.sid_fp))
 			break;
@@ -620,6 +621,7 @@ void viewmsgs(ulong start, ulong count, BOOL verbose)
 	if(!count)
 		count=~0;
 	while(l<count) {
+		ZERO_VAR(msg);
 		fseek(smb.sid_fp,((start-1L) + l) * idxreclen,SEEK_SET);
 		if(!fread(&msg.idx,sizeof(msg.idx),1,smb.sid_fp))
 			break;
@@ -1060,6 +1062,7 @@ void packmsgs(ulong packable)
 		m=n=0;
 		for(l=smb.status.header_offset;l<length;l+=size) {
 			printf("\r%2lu%%  ",(long)(100.0/((float)length/l)));
+			ZERO_VAR(msg);
 			msg.idx.offset=l;
 			if((i=smb_lockmsghdr(&smb,&msg))!=0) {
 				printf("\n(%06lX) smb_lockmsghdr returned %d\n",l,i);

src/sbbs3/userdat.c

@@ -3276,6 +3276,9 @@ BOOL check_name(scfg_t* cfg, const char* name)
 	char	tmp[512];
 	size_t	len;
 
+	if(name == NULL)
+		return FALSE;
+
 	len=strlen(name);
 	if(len<1)
 		return FALSE;