Subj : src/sbbs3/writemsg.cpp
To   : Git commit to main/sbbs/master
From : Rob Swindell (on Windows)
Date : Thu Apr 13 2023 18:45:54

https://gitlab.synchro.net/main/sbbs/-/commit/ff3864002e9a51e98b1c83f5
Modified Files:
	src/sbbs3/writemsg.cpp
Log Message:
Bounds-check the buffer being written in msgeditor()Replace the suspicious strcpy/strcat's in msgeditor(), the built-in lineeditor, with bounds-enforced snprintf() calls.Also, properly define MAX_LINE_LEN to account for the trailing \r\n on eachline. It appears we've been under allocating the total possible message buffersize (by 2 bytes per line) for a while now.These 2 changes together should fix issue #547: apparent heap corruption dueto 'buf' overflow in msgeditor().Also added a line count check/cap-enforcement with logged error message ifexceeded (should never happen).Also fixed in this commit: off-by-one when enforcing max message length inmsgeditor().Also added checks that the 'cols' (used in MAX_LINE_LEN) are reasonable values(40+), 2 was below the threshold of what would be expected to work sincethere is logic that deducts 4 from cols, for example.
--- SBBSecho 3.20-Linux
 * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

.