
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   SYNC_PROGRAMMING      Synchronet/Baja/XSDK Programming      49,116 messages   


   Message 47,188 of 49,116   
   Rob Swindell (on Debian Linux) to Git commit to main/sbbs/master   
   src/sbbs3/js_filebase.c js_msgbase.c   
   03 Sep 25 20:43:12   
   
   TZUTC: -0700   
   MSGID: 52583.syncprog@1:103/705 2d1f0e37   
   PID: Synchronet 3.21a-Linux master/27cbebcb9 Aug 10 2025 GCC 12.2.0   
   TID: SBBSecho 3.29-Linux master/93b4d946c Sep 03 2025 GCC 12.2.0   
   BBSID: VERT   
   CHRS: ASCII 1   
   FORMAT: flowed   
   https://gitlab.synchro.net/main/sbbs/-/commit/93b4d946cc12ad15f15773af   
   Modified Files:   
   	src/sbbs3/js_filebase.c js_msgbase.c   
   Log Message:   
   Security improvements to MsgBase and FileBase constructors   
      
   Require an initial 'true' parameter before treating the string argument to   
   the constructor as a path/filename to a msg/file base.   
      
   As Deuce discovered, not all scripts (e.g. the legacy/runemaster web UI) do   
   a good job of validating client/user-supplied parameters to these constructors   
   so a sysop can end up with some unexplained and suspicious-looking SMB files   
   (e.g. *.sid, *.shd, *.sdt) in their ctrl directory (or possibly, but hopefully   
   not, somewhere else).   
      
   So the old "feature" of supporting an arbitrary msg or filebase path passed to   
   the constructor now requires a unique calling pattern so this shouldn't be   
   a problem from now on.   
      
   Also, it appears the arbitrary FileBase creation/opening didn't really work   
   anyway, so that's now fixed.   
      
   Also, do a better job of validating an arbitrary *base path and filename so   
   that malicious(looking) filenames won't be created, ever, using these   
   classes.   
      
   And improve the exception/error messages and JSDOCs.   
   --- SBBSecho 3.29-Linux   
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)   
   SEEN-BY: 10/0 1 102/401 103/1 705 105/81 106/201 124/5016 128/187   
   SEEN-BY: 129/14 153/7715 154/110 214/22 218/0 1 215 610 700 810 226/30   
   SEEN-BY: 227/114 229/110 206 317 400 426 428 470 700 705 266/512 280/464   
   SEEN-BY: 291/111 301/1 320/219 322/757 342/200 396/45 460/58 633/280   
   SEEN-BY: 712/848 902/26 5075/35   
   PATH: 103/705 218/700 229/426   
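
The calling-pattern change described in the log message above, as an added JavaScript sketch that is not code from the commit or from Synchronet. `makeMsgBase`, `openSubFromRequest`, `demo`, the sample sub-board codes and the `SUB_CODE` pattern are hypothetical, and rejecting unknown codes in the new behaviour is an assumption.

```javascript
"use strict";
// Simplified model of the constructor behaviour the log message describes.
// Assumption: this is an illustration, not Synchronet's implementation.
function makeMsgBase(configuredSubs, requireFlag) {
  return function MsgBase(a, b) {
    const explicitPath = a === true;        // new pattern: MsgBase(true, path)
    const arg = explicitPath ? b : a;
    if (typeof arg !== "string" || arg === "") {
      throw new TypeError("string argument required");
    }
    if (!explicitPath && configuredSubs.includes(arg.toLowerCase())) {
      return { kind: "sub", target: arg.toLowerCase() };
    }
    if (explicitPath || !requireFlag) {
      // Old behaviour reaches here for any unrecognised string, so the base
      // files (*.sid, *.shd, *.sdt) would be created at that path.
      return { kind: "path", target: arg };
    }
    throw new Error("unknown sub-board code: " + arg); // assumed rejection
  };
}

// Script-side check, independent of the constructor version: only a code
// that is on the configured list ever reaches the constructor.
const SUB_CODE = /^[a-z0-9_-]{1,32}$/i;     // hypothetical charset and length
function openSubFromRequest(MsgBase, configuredSubs, clientValue) {
  if (typeof clientValue !== "string" || !SUB_CODE.test(clientValue)) return null;
  const code = clientValue.toLowerCase();
  return configuredSubs.includes(code) ? new MsgBase(code) : null;
}

// Constructed sample data.
const subs = ["general", "notes"];
const legacy = makeMsgBase(subs, false);
const current = makeMsgBase(subs, true);
function demo(value) {
  let strict;
  try { strict = new current(value).kind; } catch (e) { strict = "rejected"; }
  return {
    legacy: new legacy(value).kind,
    current: strict,
    checked: openSubFromRequest(legacy, subs, value) !== null,
  };
}
console.log(demo("general"), demo("../x/notes"));
```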
      



(c) 1994,  bbs@darkrealms.ca