1. Forum
  2. DOVE-Net
  3. Synchronet Programming

  • src/sbbs3/services.c

    From rswindell@VERT to CVS commit on Tuesday, April 23, 2019 09:31:41
    src/sbbs3 services.c 1.327 1.328
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv1307

    Modified Files:
    services.c
    Log Message:
    Check the relevant service's configured log_level before logging messages
    (e.g. "<service> connection accepted from: <ip_addr> port <num>").
    Some strcpy->SAFECOPY, sprintf->SAFEPRINTF replacements for good measure.


    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Thursday, August 08, 2019 17:49:19
    src/sbbs3 services.c 1.330 1.331
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv16636

    Modified Files:
    services.c
    Log Message:
    Fix long standing bug with the global JS function login():
    A few *service.js scripts call this function without a password argument
    (the second argument), e.g. login("guest");
    If there was no guest account (or the guest account had a password assigned), this would result in a failed login attempt as "guest" along with a garbage password (e.g. a floating point number, like 3.7042561) and since it would
    be a unique garbage password for each login() call without an actual password specified, these login() calls would be counted as unique failed login attempts and potentially cause the client's IP address to be added to the hack.log
    and even ip.can (IP address filter).

    As seen on Mortifis' system where VERT was filtereed due to
    "SUSPECTED NNTP LOGIN HACK ATTEMPT", likely due to the daily sbbslist verifications when just perform a TCP connection and no actual login attempt, but nntpservice.js would still call login("guest") before the client (vert) would be disconnected.


    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sunday, August 21, 2022 18:35:34
    https://gitlab.synchro.net/main/sbbs/-/commit/9bd552ed13142092f54e2b2b
    Modified Files:
    src/sbbs3/services.c
    Log Message:
    Improve JavaScript-related error messages and fix potential JS runtime leak

    If a new JS context could not be created for any reason, a JS runtime would still be allocated (and leaked), potentially leading to out of memory situations which had been seen (before this change) on vert.synchro.net.
    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net