1. Forum
  2. FidoNet
  3. SYNC PROGRAMMING

  • src/sbbs3/mailsrvr.cpp

    From Rob Swindell (on Debian Linux)@1:103/705 to Git commit to main/sbbs/master on Wed May 6 19:41:53 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/92ae6263408f0ddd5d05d802
    Modified Files:
    src/sbbs3/mailsrvr.cpp
    Log Message:
    mailsrvr: bound sockmimetext line scan with strnlen (CID 639931)

    The inner while-loop walks (*np + len) up to RFC822_MAX_LINE_LEN bytes
    relying on the embedded NUL test to stop early. When np points at the
    "\r\n" literal used as the empty-body fallback (issue #822), Coverity
    loses track of the literal's length and reports a 997-byte OVERRUN.
    Compute the scan length up-front with strnlen so the bound is explicit; behavior is unchanged but the OVERRUN false-positive is silenced.

    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)