_  _    __    ___  __    ___  _____  _  _
 ( \( )  /__\  / __)(  )  / __)(  _  )( \( )
  )  (  /(__)\( (__  )(__( (__  )(_)(  )  (
 (_)\_)(__)(__)\___)(____)\___)(_____)(_)\_)

The History of Hacking  ·  May 31 – June 2, 2026  ·  Carolina Beach, NC

Connect from your terminal: telnet naclconbbs.net 23  |  ssh naclconbbs.net -p 2222

  1. Forum
  2. DOVE-Net
  3. Synchronet Programming

  • src/sbbs3/netmail.cpp qwktomsg.cpp

    From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Wed May 6 19:41:53 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/22d5c8a53a3577b45978b6b1
    Modified Files:
    src/sbbs3/netmail.cpp qwktomsg.cpp
    Log Message:
    qwk: make sentinel NUL after fread explicit (CIDs 645830, 645831, 645832)

    Both qwktomsg.cpp and netmail.cpp over-allocate the QWK message buffer
    by one block (calloc-zeroed, never written by fread) so downstream strchr/strlen/strlcpy/SAFECOPY scans always terminate within the
    allocation. Coverity can't see the over-allocation invariant and flags SAFECOPY/strListPush/whitespace-loop on the buffer as STRING_NULL or TAINTED_SCALAR. Write the trailing NUL explicitly after each fread so
    the sentinel action is visible. No runtime change (calloc already
    zeroed it).

    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net