Forum: Lost Crypt BBS

src/syncterm/ripper.c

From Deuc¿@VERT to Git commit to main/sbbs/m on Monday, August 11, 2025 07:41:00

https://gitlab.synchro.net/main/sbbs/-/commit/da21613cf1df6e208cf050a1
Modified Files:
src/syncterm/ripper.c
Log Message:
"Fix" CID 487623

This "defect" is incorrect, but meh.

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From Deuc¿@VERT to Git commit to main/sbbs/m on Monday, August 11, 2025 10:01:00

https://gitlab.synchro.net/main/sbbs/-/commit/df3049a041766b8d6e2b132c
Modified Files:
src/syncterm/ripper.c
Log Message:
Implement the RIP button explode flag

Fix invert function, and take 50-100ms to "explode" the button.

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From Deuc¿@VERT to Git commit to main/sbbs/m on Monday, August 11, 2025 10:07:00

https://gitlab.synchro.net/main/sbbs/-/commit/bf88580858251dcb227a658c
Modified Files:
src/syncterm/ripper.c
Log Message:
Cleanup last commit

We don't need to save/restore all this stuff or leak memory.

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From Deuc¿@VERT to Git commit to main/sbbs/m on Monday, August 11, 2025 12:12:00

https://gitlab.synchro.net/main/sbbs/-/commit/07f235bb8481a2696857e937
Modified Files:
src/syncterm/ripper.c
Log Message:
Handle RIP "ANSI extensions" even more better

This change pulls in the entire sequence if it's available, which
allows packet boundaries anywhere at all.

More fixes for feature request 110.

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From Deuc¿@VERT to Git commit to main/sbbs/m on Tuesday, August 12, 2025 18:23:00

https://gitlab.synchro.net/main/sbbs/-/commit/7714bcbe5262a9359abccaa9
Modified Files:
src/syncterm/ripper.c
Log Message:
Fix typo

The final char we're looking for here is !, not 1.
Also, suppress a new Coverity false-positive (CID 487652) while we're
here.

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From Deuc¿@VERT to Git commit to main/sbbs/m on Thursday, August 14, 2025 19:11:00

https://gitlab.synchro.net/main/sbbs/-/commit/7a35f739a5182bb9c396c91b
Modified Files:
src/syncterm/ripper.c
Log Message:
Fix the Coverity suppression maybe?

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From Deuc¿@VERT to Git commit to main/sbbs/m on Sunday, February 22, 2026 11:38:00

https://gitlab.synchro.net/main/sbbs/-/commit/f73b6e394587333ffd76521c
Modified Files:
src/syncterm/ripper.c
Log Message:
Parse RIP_NO_MORE in RIP_STATE_PIPE, not RIP_STATE_CMD

This will likely screw up on !|0#, but hopefully nobody has ever done
that.

Fixes ticket 218

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From Deuc¿@VERT to Git commit to main/sbbs/m on Monday, February 23, 2026 16:17:00

https://gitlab.synchro.net/main/sbbs/-/commit/27e6a20fa2b8661b46668d88
Modified Files:
src/syncterm/ripper.c
Log Message:
Fix new potential RIP crash

Would potentially use a negative length after a |#

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From Deuc¿@VERT to Git commit to main/sbbs/m on Sunday, March 15, 2026 01:06:00

https://gitlab.synchro.net/main/sbbs/-/commit/bb2238f684befe43deb34cea
Modified Files:
src/syncterm/ripper.c
Log Message:
Fix heap buffer overflows in ripper.c RIPscrip command handling

Four strcat() calls append RIPscrip arguments (from the remote server)
to cache_path[MAX_PATH+1] without checking whether the result fits.
The path-traversal guards reject "..", "/", and "\" but do not limit
length. A long filename from a malicious RIPscrip server overflows
the buffer.

Changed to strlcat(cache_path, ..., sizeof(cache_path)) at all four
sites: file-query (&args[6]), icon-load (&args[9] + ".ICN"), and
icon-save (&args[1]). The existing SkyPix download path already had
a strlen() guard and was not affected.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From Deuc¿@VERT to Git commit to main/sbbs/m on Sunday, March 15, 2026 14:09:00

https://gitlab.synchro.net/main/sbbs/-/commit/2054747bb2823818ea5d1a0d
Modified Files:
src/syncterm/ripper.c
Log Message:
Fix multiple ripper.c security and correctness bugs

Security fixes:
- Add path traversal checks (..//\) to LOAD_ICON, WRITE_ICON,
ENTER_BLOCK_MODE, and font file loading
- Add overflow guard for ICN pixel buffer allocation (32-bit)
- Clamp viewport coordinates to world frame dimensions
- Cap handle_command_str recursion depth to 64
- Fix sprintf stack overflow in FILE_QUERY case 4 (snprintf)
- Guard parse_string NULL return in do_rip_command
- Guard strdup NULL return in bicmp

Correctness fixes:
- Remove incorrect viewport offsets from EXTENDED_TEXT_WINDOW (v2+)
- Fix MOUSE hot field y2 using viewport.sx instead of .sy
- Fix POLY_LINE y1 init using x_dim instead of y_dim
- Fix conn_send length for FILE_QUERY \r\n responses (2 -> 3)
- Fix draw_pixel XOR mode memory leak (freepixels before return)
- Fix ansi_only() missing break before fall-through
- Reject zero dimensions in SET_WORLD_FRAME
- Clamp do_popup dimensions to screen size
- Fix init_rip_ver memory leaks (mouse fields, clipboard, scb)
- Add Amiga font file validation at load time
- Add per-case argc checks in do_skypix
- Handle realloc failure in reinit_screen gracefully
- Add NULL checks for getpixels in set_line and flood fill

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From Deuc¿@VERT to Git commit to main/sbbs/m on Sunday, March 15, 2026 22:51:00

https://gitlab.synchro.net/main/sbbs/-/commit/5ca54e09393c1068e32e599f
Modified Files:
src/syncterm/ripper.c
Log Message:
Fix draw_button() off-by-one errors for exclusive box coordinates

box.x2/y2 are exclusive (one past end), so:
- Sunken border right/bottom highlight lines drew one pixel too far out
- Recessed border width/height were one pixel too large, pushing the
outer border off-screen for full-width buttons

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From Deuc¿@VERT to Git commit to main/sbbs/m on Tuesday, March 17, 2026 11:59:00

https://gitlab.synchro.net/main/sbbs/-/commit/e9b4206eb16d93e29dd10df7
Modified Files:
src/syncterm/ripper.c
Log Message:
Replace dead argc check with malloc NULL check in do_skypix()

The argc < 1 guard was unreachable because the counting loop always
increments argc at least once. Replace it with a NULL check on the
malloc() result, which was the actual missing guard.
(Coverity CID 501977)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From Deuc¿@VERT to Git commit to main/sbbs/m on Tuesday, March 17, 2026 11:59:00

https://gitlab.synchro.net/main/sbbs/-/commit/7350fd498615bb280d1244dd
Modified Files:
src/syncterm/ripper.c
Log Message:
Check fread() return when loading Amiga font in do_skypix()

A short read would leave amiga_font partially uninitialized before
the byte-swapping and offset validation that follows. Matches the
existing fread check for the font list file earlier in the same
function. (Coverity CID 501980)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

Who's Online
Recent Visitors
- Guest
  Tuesday, March 10, 2026 18:06:38
  from Hackertown, North Korea via Telnet
- Guest
  Monday, March 09, 2026 22:42:26
  from Philidelphia, Pa via Telnet
- BitByter
  Saturday, March 07, 2026 04:14:30
  from Groton, CT via Telnet
- Guest
  Friday, February 13, 2026 04:32:48
  from Plano via Raw

System Info

Sysop:	Zerthwind
Location:	Worcester, Ma
Users:	6
Nodes:	10 (0 / 10)
Uptime:	85:35:03
Calls:	18
Files:	1,878
Messages:	17,555

src/syncterm/ripper.c

Who's Online

Recent Visitors

System Info