• src/sbbs3/ansiterm.cpp

    From Rob Swindell@VERT to Git commit to main/sbbs/master on Friday, October 21, 2022 12:10:19
    https://gitlab.synchro.net/main/sbbs/-/commit/25b0e6d73356cc16b825a1a0
    Modified Files:
    src/sbbs3/ansiterm.cpp
    Log Message:
    Fix lost 'unexpected characters' received in ANSI get cursor position response

    Unexpected characters received (maybe typed by the user) were supposed to
    be stuffed in the keyboard input buffer using ungetstr(), but the input string was cleared rather than NUL-terminated before logging the expected character and calling ungetstr(), so nothing (a blank string) was logged and nothing was stuffed in the keyboard input-buffer in this case. Just an off-by-one bug.

    This should fix issue #304. Thanks to Keyop and Nelgin for their persistence
    in reporting and testing (in #synchronet at irc.synchro.net).

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Saturday, October 22, 2022 11:06:57
    https://gitlab.synchro.net/main/sbbs/-/commit/6812da2fd3c14d77c0b5c401
    Modified Files:
    src/sbbs3/ansiterm.cpp
    Log Message:
    Fix CID 319174 (Out-of-bounds write) correctly

    This Coverity reported issue was previously resolved (incorrectly) with
    commit 0c441424 which also introduced a bug that ate all the unexpected
    cursor position report characters (causing issue #304).

    The correct fix was to compare the response length against the buffer size minus one, to leave room for the NUL terminator.

    While fixing this and issue #304, I noticed that this function was using the response length ('rsp') as both the state machine state and string length, which didn't work right if a nearly-matching report/response was received:
    the x/y values would have been stripped from the response before stuffing
    in the keyboard input buffer. So a bit of a refactor here using a proper
    state machine variable.

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net