diff options
-rw-r--r-- | include/proto.h | 2 | ||||
-rw-r--r-- | mbbsd/bbs.c | 2 | ||||
-rw-r--r-- | mbbsd/board.c | 65 | ||||
-rw-r--r-- | mbbsd/mbbsd.c | 2 | ||||
-rw-r--r-- | mbbsd/user.c | 2 |
5 files changed, 41 insertions, 32 deletions
diff --git a/include/proto.h b/include/proto.h index c14b9d34..5c423bbb 100644 --- a/include/proto.h +++ b/include/proto.h @@ -74,7 +74,7 @@ int board_digest(); /* board */ #define setutmpbid(bid) currutmp->brc_id=bid; int brc_unread(const char *fname, int bnum, const int *blist); -int brc_initial(const char *boardname); +int brc_initial_board(const char *boardname); void brc_update(); void brc_finalize(); int HasPerm(boardheader_t *bptr); diff --git a/mbbsd/bbs.c b/mbbsd/bbs.c index 2047b351..5194d414 100644 --- a/mbbsd/bbs.c +++ b/mbbsd/bbs.c @@ -322,7 +322,7 @@ do_select(int ent, fileheader_t * fhdr, char *direct) } setutmpbid(currbid); - brc_initial(bname); + brc_initial_board(bname); set_board(); setbdir(direct, currboard); diff --git a/mbbsd/board.c b/mbbsd/board.c index c02ca00d..dc28ad8d 100644 --- a/mbbsd/board.c +++ b/mbbsd/board.c @@ -11,31 +11,42 @@ * brc_num 1 byte, binary integer * brc_list brc_num * sizeof(int) bytes, brc_num binary integer(s) */ +static time_t brc_expire_time; + /* Will be set to the time one year before login. All the files created + * before then will be recognized read. */ + +static int brc_changed = 0; +/* The below two will be filled by read_brc_buf() and brc_update() */ +char *brc_buf = NULL; +static int brc_size; + +static char * const fn_boardrc = ".boardrc"; + static char * -brc_getrecord(char *ptr, char *name, int *pnum, int *list) +brc_getrecord(char *ptr, char *endp, char *name, int *pnum, int *list) { int num; char *tmp; + if (ptr + BRC_STRLEN + 1 > endp) return endp + 1; strncpy(name, ptr, BRC_STRLEN); /* board_name */ ptr += BRC_STRLEN; num = (*ptr++) & 0xff; /* brc_num */ tmp = ptr + num * sizeof(int); /* end of this record */ - if (num > BRC_MAXNUM) /* FIXME if this happens... may crash next time. */ - num = BRC_MAXNUM; - *pnum = num; - memcpy(list, ptr, num * sizeof(int)); /* brc_list */ + if (tmp <= endp){ + if (num > BRC_MAXNUM) /* FIXME if this happens... may crash next time. */ + num = BRC_MAXNUM; + *pnum = num; + memcpy(list, ptr, num * sizeof(int)); /* brc_list */ + } return tmp; } -static time_t brc_expire_time; - /* Will be set to the time one year before login. All the files created - * before then will be recognized read. */ - static char * -brc_putrecord(char *ptr, const char *name, int num, const int *list) +brc_putrecord(char *ptr, char *endp, const char *name, int num, const int *list) { - if (num > 0 && list[0] > brc_expire_time) { + if (num > 0 && list[0] > brc_expire_time && + ptr + BRC_STRLEN + 1 <= endp) { if (num > BRC_MAXNUM) num = BRC_MAXNUM; @@ -47,19 +58,13 @@ brc_putrecord(char *ptr, const char *name, int num, const int *list) strncpy(ptr, name, BRC_STRLEN); /* write in board_name */ ptr += BRC_STRLEN; *ptr++ = num; /* write in brc_num */ - memcpy(ptr, list, num * sizeof(int)); /* write in brc_list */ + if (ptr + num * sizeof(int) <= endp) + memcpy(ptr, list, num * sizeof(int)); /* write in brc_list */ ptr += num * sizeof(int); } return ptr; } -static int brc_changed = 0; -/* The below two will be filled by read_brc_buf() and brc_update() */ -char *brc_buf = NULL; -static int brc_size; - -static char * const fn_boardrc = ".boardrc"; - static inline void brc_insert_record(const char* board, int num, int* list) { @@ -74,7 +79,7 @@ brc_insert_record(const char* board, int num, int* list) endp = &brc_buf[brc_size]; while (ptr < endp && (*ptr >= ' ' && *ptr <= 'z')) { /* for each available records */ - tmpp = brc_getrecord(ptr, tmp_name, &tmp_num, tmp_list); + tmpp = brc_getrecord(ptr, endp, tmp_name, &tmp_num, tmp_list); if ( tmpp > endp ){ /* dangling, ignore the trailing data */ @@ -90,7 +95,8 @@ brc_insert_record(const char* board, int num, int* list) if( ! found ){ /* put on the beginning */ - ptr = brc_putrecord(tmp_buf, board, num, list); + ptr = brc_putrecord(tmp_buf, tmp_buf + BRC_MAXSIZE, + board, num, list); new_size = (int)(ptr - tmp_buf); if( new_size ){ brc_size += new_size; @@ -103,7 +109,8 @@ brc_insert_record(const char* board, int num, int* list) /* ptr points to the old current brc list. * tmpp is the end of it (exclusive). */ end_size = endp - tmpp; - new_size = (int)(brc_putrecord(tmp_buf, board, num, list) - tmp_buf); + new_size = (int)(brc_putrecord(tmp_buf, tmp_buf + BRC_ITEMSIZE, + board, num, list) - tmp_buf); if( new_size ){ brc_size += new_size - (tmpp - ptr); if ( brc_size > BRC_MAXSIZE ){ @@ -160,11 +167,13 @@ brc_finalize(){ int brc_read_record(const char* bname, int* num, int* list){ char *ptr; + char *endp; char tmp_name[BRC_STRLEN]; ptr = brc_buf; - while (ptr < &brc_buf[brc_size] && (*ptr >= ' ' && *ptr <= 'z')) { + endp = &brc_buf[brc_size]; + while (ptr < endp && (*ptr >= ' ' && *ptr <= 'z')) { /* for each available records */ - ptr = brc_getrecord(ptr, tmp_name, num, list); + ptr = brc_getrecord(ptr, endp, tmp_name, num, list); if (strncmp(tmp_name, bname, BRC_STRLEN) == 0) return *num; } @@ -173,7 +182,7 @@ brc_read_record(const char* bname, int* num, int* list){ } int -brc_initial(const char *boardname) +brc_initial_board(const char *boardname) { if (strcmp(currboard, boardname) == 0) { return brc_num; @@ -341,7 +350,7 @@ init_brdbuf() done = 1; brc_expire_time = login_start_time - 365 * 86400; read_brc_buf(); - brc_initial(DEFAULT_BOARD); + brc_initial_board(DEFAULT_BOARD); set_board(); } @@ -664,7 +673,7 @@ unread_position(char *dirfile, boardstat_t * ptr) total = B_TOTAL(ptr); num = total + 1; if ((ptr->myattr & NBRD_UNREAD) && (fd = open(dirfile, O_RDWR)) > 0) { - if (!brc_initial(B_BH(ptr)->brdname)) { + if (!brc_initial_board(B_BH(ptr)->brdname)) { num = 1; } else { num = total - 1; @@ -1377,7 +1386,7 @@ choose_board(int newflag) if (!(B_BH(ptr)->brdattr & BRD_GROUPBOARD)) { /* 非sub class */ if (HasPerm(B_BH(ptr))) { - brc_initial(B_BH(ptr)->brdname); + brc_initial_board(B_BH(ptr)->brdname); if (newflag) { setbdir(buf, currboard); diff --git a/mbbsd/mbbsd.c b/mbbsd/mbbsd.c index 58ee6f9a..5af63c29 100644 --- a/mbbsd/mbbsd.c +++ b/mbbsd/mbbsd.c @@ -838,7 +838,7 @@ inline static void check_bad_login(void) { inline static void birthday_make_a_wish(struct tm *ptime, struct tm *tmp){ if (currutmp->birth && tmp->tm_mday != ptime->tm_mday) { more("etc/birth.post", YEA); - brc_initial("WhoAmI"); + brc_initial_board("WhoAmI"); set_board(); do_post(); } diff --git a/mbbsd/user.c b/mbbsd/user.c index 737a99b4..d5c1d167 100644 --- a/mbbsd/user.c +++ b/mbbsd/user.c @@ -1422,7 +1422,7 @@ u_register(void) "告訴所有老骨頭\033[31m我來啦^$。\\n\n\n\n"); pressanykey(); cuser.userlevel |= PERM_POST; - brc_initial("WhoAmI"); + brc_initial_board("WhoAmI"); set_board(); do_post(); cuser.userlevel &= ~PERM_POST; |