summaryrefslogtreecommitdiffstats
path: root/mbbsd
diff options
context:
space:
mode:
Diffstat (limited to 'mbbsd')
-rw-r--r--mbbsd/admin.c8
-rw-r--r--mbbsd/bbs.c52
-rw-r--r--mbbsd/board.c77
-rw-r--r--mbbsd/brc.c1
-rw-r--r--mbbsd/cache.c11
-rw-r--r--mbbsd/fav.c4
-rw-r--r--mbbsd/friend.c2
-rw-r--r--mbbsd/io.c7
-rw-r--r--mbbsd/mail.c1
-rw-r--r--mbbsd/menu.c1
-rw-r--r--mbbsd/stuff.c10
-rw-r--r--mbbsd/vote.c4
-rw-r--r--mbbsd/voteboard.c1
13 files changed, 162 insertions, 17 deletions
diff --git a/mbbsd/admin.c b/mbbsd/admin.c
index d4336052..c75c8ef0 100644
--- a/mbbsd/admin.c
+++ b/mbbsd/admin.c
@@ -339,6 +339,7 @@ setup_man(const boardheader_t * board, const boardheader_t * oldboard)
void delete_symbolic_link(boardheader_t *bh, int bid)
{
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
memset(bh, 0, sizeof(boardheader_t));
substitute_record(fn_board, bh, sizeof(boardheader_t), bid);
reset_board(bid);
@@ -417,6 +418,7 @@ m_mod_board(char *bname)
vmsg(err_bid);
return -1;
}
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
prints("看板名稱:%s\n看板說明:%s\n看板bid:%d\n看板GID:%d\n"
"板主名單:%s", bh.brdname, bh.title, bid, bh.gid, bh.BM);
bperm_msg(&bh);
@@ -482,6 +484,7 @@ m_mod_board(char *bname)
prints("看板 %s 原來的 BVote:%d", bh.brdname, bh.bvote);
getdata_str(21, 0, "新的 Bvote:", genbuf, 5, LCECHO, bvotebuf);
newbh.bvote = atoi(genbuf);
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
substitute_record(fn_board, &newbh, sizeof(newbh), bid);
reset_board(bid);
log_usies("SetBoardBvote", newbh.brdname);
@@ -498,6 +501,7 @@ m_mod_board(char *bname)
newbh.brdattr = newbh.brdattr & (!BRD_BAD);
else
newbh.brdattr = newbh.brdattr | BRD_BAD;
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
substitute_record(fn_board, &newbh, sizeof(newbh), bid);
reset_board(bid);
log_usies("ViolateLawSet", newbh.brdname);
@@ -525,6 +529,7 @@ m_mod_board(char *bname)
snprintf(bh.title, sizeof(bh.title),
" %s 看板 %s 刪除", bname, cuser.userid);
post_msg("Security", bh.title, "請注意刪除的合法性", "[系統安全局]");
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
substitute_record(fn_board, &bh, sizeof(bh), bid);
reset_board(bid);
sort_bcache();
@@ -637,6 +642,7 @@ m_mod_board(char *bname)
Rename(src, tar);
}
setup_man(&newbh, &bh);
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
substitute_record(fn_board, &newbh, sizeof(newbh), bid);
reset_board(bid);
sort_bcache();
@@ -815,6 +821,7 @@ static int add_board_record(const boardheader_t *board)
{
int bid;
if ((bid = getbnum("")) > 0) {
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
substitute_record(fn_board, board, sizeof(boardheader_t), bid);
reset_board(bid);
sort_bcache();
@@ -952,6 +959,7 @@ int make_symbolic_link(const char *bname, int gid)
bid = getbnum(bname);
if(bid==0) return -1;
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
memset(&newboard, 0, sizeof(newboard));
/*
diff --git a/mbbsd/bbs.c b/mbbsd/bbs.c
index 0f6141f9..02eb00e7 100644
--- a/mbbsd/bbs.c
+++ b/mbbsd/bbs.c
@@ -147,6 +147,7 @@ set_board(void)
{
boardheader_t *bp;
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
bp = getbcache(currbid);
if( !HasBoardPerm(bp) ){
vmsg("access control violation, exit");
@@ -223,6 +224,7 @@ CheckPostPerm(void)
last_board_index = getbnum(currboard);
valid_index = 1;
}
+ assert(0<=last_board_index-1 && last_board_index-1<MAX_BOARD);
bp = getbcache(last_board_index);
if(bp->perm_reload != last_chk_time)
@@ -234,6 +236,7 @@ CheckPostPerm(void)
if(!valid_index)
{
last_board_index = getbnum(currboard);
+ assert(0<=last_board_index-1 && last_board_index-1<MAX_BOARD);
bp = getbcache(last_board_index);
}
last_chk_time = bp->perm_reload;
@@ -257,6 +260,7 @@ readtitle(void)
boardheader_t *bp;
char *brd_title;
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
bp = getbcache(currbid);
if(bp->bvote != 2 && bp->bvote)
brd_title = "本看板進行投票中";
@@ -276,6 +280,7 @@ readtitle(void)
#endif
{
char buf[32];
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
sprintf(buf, "人氣:%d ",
SHM->bcache[currbid - 1].nuser);
outslr("", 44, buf, -1);
@@ -441,6 +446,7 @@ do_select(void)
CompleteBoard(MSG_SELECT_BOARD, bname);
if (bname[0] == '\0' || !(i = getbnum(bname)))
return FULLUPDATE;
+ assert(0<=i-1 && i-1<MAX_BOARD);
bh = getbcache(i);
if (!HasBoardPerm(bh))
return FULLUPDATE;
@@ -598,6 +604,7 @@ do_crosspost(const char *brd, fileheader_t *postfile, const char *fpath)
setbdir(genbuf, brd);
if (append_record(genbuf, &fh, sizeof(fileheader_t)) != -1) {
int bid = getbnum(brd);
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
SHM->lastposttime[bid - 1] = now;
touchbpostnum(bid, 1);
}
@@ -675,6 +682,7 @@ do_general(int isbid)
int islocal, posttype=-1;
ifuseanony = 0;
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
bp = getbcache(currbid);
if( !CheckPostPerm()
@@ -933,6 +941,7 @@ do_post(void)
{
boardheader_t *bp;
STATINC(STAT_DOPOST);
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
bp = getbcache(currbid);
if (bp->brdattr & BRD_VOTEBOARD)
return do_voteboard(0);
@@ -953,6 +962,7 @@ do_post_openbid(void)
char ans[4];
boardheader_t *bp;
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
bp = getbcache(currbid);
if (!(bp->brdattr & BRD_VOTEBOARD))
{
@@ -972,6 +982,7 @@ do_generalboardreply(/*const*/ fileheader_t * fhdr)
{
char genbuf[3];
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
if ( !((currmode & MODE_BOARD) || HasUserPerm(PERM_SYSOP)) &&
(cuser.firstlogin > (now - (time4_t)bcache[currbid - 1].post_limit_regtime * 2592000) ||
cuser.numlogins < ((unsigned int)(bcache[currbid - 1].post_limit_logins) * 10) ||
@@ -1046,6 +1057,7 @@ b_posttype(int ent, const fileheader_t * fhdr, const char *direct)
if(!(currmode & MODE_BOARD)) return DONOTHING;
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
bp = getbcache(currbid);
move(2,0);
@@ -1082,6 +1094,7 @@ b_posttype(int ent, const fileheader_t * fhdr, const char *direct)
bp->posttype_f = posttype_f;
strlcpy(bp->posttype, posttype, sizeof(bp->posttype)); /* 這邊應該要防race condition */
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
substitute_record(fn_board, bp, sizeof(boardheader_t), currbid);
return FULLUPDATE;
}
@@ -1102,6 +1115,7 @@ do_reply(/*const*/ fileheader_t * fhdr)
return FULLUPDATE;
}
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
bp = getbcache(currbid);
setbfile(quote_file, bp->brdname, fhdr->filename);
if (bp->brdattr & BRD_VOTEBOARD || (fhdr->filemode & FILE_VOTE))
@@ -1128,6 +1142,7 @@ edit_post(int ent, fileheader_t * fhdr, const char *direct)
struct stat oldstat, newstat;
int isSysop = 0, recordTouched = 0;
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
if (strcmp(bp->brdname, "Security") == 0)
return DONOTHING;
@@ -1292,6 +1307,7 @@ cross_post(int ent, fileheader_t * fhdr, const char *direct)
move(2, 0);
clrtoeol();
move(1, 0);
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
bp = getbcache(currbid);
if (bp && (bp->brdattr & BRD_VOTEBOARD) )
return FULLUPDATE;
@@ -1309,6 +1325,7 @@ cross_post(int ent, fileheader_t * fhdr, const char *direct)
/* 借用變數 */
ent = str_checksum(fhdr->title);
author = getbnum(xboard);
+ assert(0<=author-1 && author-1<MAX_BOARD);
if ((ent != 0 && ent == postrecord.checksum[0]) &&
(author != 0 && author != postrecord.last_bid)) {
@@ -1404,8 +1421,10 @@ cross_post(int ent, fileheader_t * fhdr, const char *direct)
char bname[STRLEN] = "";
struct tm *ptime = localtime4(&now);
int maxlength = 51 +2 - 6;
+ int bid = getbnum(xboard);
- bp = getbcache(getbnum(xboard));
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
+ bp = getbcache(bid);
if ((bp->brdattr & BRD_HIDE) && (bp->brdattr & BRD_POSTMASK))
{
/* mosaic it */
@@ -1446,8 +1465,12 @@ cross_post(int ent, fileheader_t * fhdr, const char *direct)
do_add_recommend(direct, fhdr, ent, buf, 2);
} else
#endif
+ {
+ int bid = getbnum(xboard);
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
/* now point bp to new bord */
- bp = getbcache(getbnum(xboard));
+ bp = getbcache(bid);
+ }
/*
* Cross fs有問題 } else { unlink(xfpath); link(fname, xfpath); }
@@ -1528,6 +1551,7 @@ do_limitedit(int ent, fileheader_t * fhdr, const char *direct)
int temp;
boardheader_t *bp = getbcache(currbid);
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
if (!((currmode & MODE_BOARD) || HasUserPerm(PERM_SYSOP)))
return DONOTHING;
@@ -1561,6 +1585,7 @@ do_limitedit(int ent, fileheader_t * fhdr, const char *direct)
temp = atoi(genbuf);
} while (temp < 0 || temp > 2550);
bp->post_limit_posts = (unsigned char)(temp / 10);
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
substitute_record(fn_board, bp, sizeof(boardheader_t), currbid);
log_usies("SetBoard", bp->brdname);
vmsg("修改完成!");
@@ -1587,6 +1612,7 @@ do_limitedit(int ent, fileheader_t * fhdr, const char *direct)
temp = atoi(genbuf);
} while (temp < 0 || temp > 2550);
bp->vote_limit_posts = (unsigned char)(temp / 10);
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
substitute_record(fn_board, bp, sizeof(boardheader_t), currbid);
log_usies("SetBoard", bp->brdname);
vmsg("修改完成!");
@@ -1650,6 +1676,7 @@ stop_gamble(void)
{
boardheader_t *bp = getbcache(currbid);
char fn_ticket[128], fn_ticket_end[128];
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
if (!bp->endgamble || bp->endgamble > now)
return 0;
@@ -1659,6 +1686,7 @@ stop_gamble(void)
rename(fn_ticket, fn_ticket_end);
if (bp->endgamble) {
bp->endgamble = 0;
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
substitute_record(fn_board, bp, sizeof(boardheader_t), currbid);
}
return 1;
@@ -1672,6 +1700,7 @@ join_gamble(int ent, const fileheader_t * fhdr, const char *direct)
vmsg("目前未舉辦賭盤或賭盤已開獎");
return DONOTHING;
}
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
ticket(currbid);
return FULLUPDATE;
}
@@ -1685,6 +1714,7 @@ hold_gamble(void)
int i;
FILE *fp = NULL;
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
if (!(currmode & MODE_BOARD))
return 0;
if (bp->brdattr & BRD_BAD )
@@ -1705,6 +1735,7 @@ hold_gamble(void)
rename(fn_ticket, fn_ticket_end);
if (bp->endgamble) {
bp->endgamble = 0;
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
substitute_record(fn_board, bp, sizeof(boardheader_t), currbid);
}
@@ -1750,6 +1781,7 @@ hold_gamble(void)
fprintf(fp, "%d\n", i);
if (!getdata(3, 0, "設定自動封盤時間?(Y/n)", yn, 3, LCECHO) || yn[0] != 'n') {
bp->endgamble = gettime(4, now, "封盤於");
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
substitute_record(fn_board, bp, sizeof(boardheader_t), currbid);
}
move(6, 0);
@@ -2111,6 +2143,7 @@ recommend(int ent, fileheader_t * fhdr, const char *direct)
int isGuest = (strcmp(cuser.userid, STR_GUEST) == EQUSTR);
int logIP = 0;
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
bp = getbcache(currbid);
if (bp->brdattr & BRD_NORECOMMEND ||
((fhdr->filemode & FILE_MARKED) && (fhdr->filemode & FILE_SOLVED))) {
@@ -2298,6 +2331,7 @@ recommend(int ent, fileheader_t * fhdr, const char *direct)
inc_goodpost(fhdr->owner, 1);
#endif
lastrecommend = now;
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
lastrecommend_bid = currbid;
strlcpy(lastrecommend_fname, fhdr->filename, sizeof(lastrecommend_fname));
return FULLUPDATE;
@@ -2344,6 +2378,7 @@ del_range(int ent, const fileheader_t *fhdr, const char *direct)
/* 有三種情況會進這裡, 信件, 看板, 精華區 */
if( !(direct[0] == 'h') ){ /* 信件不用 check */
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
bp = getbcache(currbid);
if (strcmp(bp->brdname, "Security") == 0)
return DONOTHING;
@@ -2401,6 +2436,7 @@ del_post(int ent, fileheader_t * fhdr, char *direct)
int not_owned, tusernum;
boardheader_t *bp;
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
bp = getbcache(currbid);
/* TODO recursive lookup */
@@ -2647,6 +2683,7 @@ b_note_edit_bname(int bid)
char buf[PATHLEN];
int aborted;
boardheader_t *fh = getbcache(bid);
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
setbfile(buf, fh->brdname, fn_notes);
aborted = vedit(buf, NA, NULL);
if (aborted == -1) {
@@ -2660,6 +2697,7 @@ b_note_edit_bname(int bid)
"有效日期至");
else
fh->bupdate = 0;
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
substitute_record(fn_board, fh, sizeof(boardheader_t), bid);
}
return 0;
@@ -2669,6 +2707,7 @@ static int
b_notes_edit(void)
{
if (currmode & MODE_BOARD) {
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
b_note_edit_bname(currbid);
return FULLUPDATE;
}
@@ -2690,6 +2729,7 @@ visable_list_edit(void)
{
if (currmode & MODE_BOARD) {
friend_edit(BOARD_VISABLE);
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
hbflreload(currbid);
return FULLUPDATE;
}
@@ -2746,6 +2786,7 @@ bh_title_edit(void)
if (currmode & MODE_BOARD) {
char genbuf[BTLEN];
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
bp = getbcache(currbid);
move(1, 0);
clrtoeol();
@@ -2756,6 +2797,7 @@ bh_title_edit(void)
return 0;
strip_ansi(genbuf, genbuf, STRIP_ALL);
strlcpy(bp->title + 7, genbuf, sizeof(bp->title) - 7);
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
substitute_record(fn_board, bp, sizeof(boardheader_t), currbid);
log_usies("SetBoard", currboard);
return FULLUPDATE;
@@ -2845,6 +2887,7 @@ push_bottom(int ent, fileheader_t *fhdr, const char *direct)
fhdr->filemode ^= FILE_BOTTOM;
num = delete_record(direct, sizeof(fileheader_t), ent);
}
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
setbottomtotal(currbid);
return DIRCHANGED;
}
@@ -2896,6 +2939,7 @@ good_post(int ent, fileheader_t * fhdr, const char *direct)
append_record(buf, &digest, sizeof(digest));
#ifdef GLOBAL_DIGEST
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
if(!(getbcache(currbid)->brdattr & BRD_HIDE)) {
getdata(1, 0, "好文值得出版到全站文摘?(N/y)", genbuf2, 3, LCECHO);
if(genbuf2[0] == 'y')
@@ -3112,6 +3156,7 @@ b_config(void)
}
if(touched)
{
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
substitute_record(fn_board, bp, sizeof(boardheader_t), currbid);
vmsg("已儲存新設定");
}
@@ -3150,6 +3195,7 @@ change_hidden(void)
outs("君心今已掩抑,惟盼善自珍重。\n");
board_hidden_status = 1;
}
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
substitute_record(fn_board, bp, sizeof(boardheader_t), currbid);
log_usies("SetBoard", bp->brdname);
pressanykey();
@@ -3179,6 +3225,7 @@ change_counting(void)
bp->brdattr |= BRD_BMCOUNT;
outs("快灌水衝十大第一吧。\n");
}
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
substitute_record(fn_board, bp, sizeof(boardheader_t), currbid);
pressanykey();
return FULLUPDATE;
@@ -3306,6 +3353,7 @@ change_cooldown(void)
bp->brdattr |= BRD_COOLDOWN;
outs("開始冷靜。\n");
}
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
substitute_record(fn_board, bp, sizeof(boardheader_t), currbid);
pressanykey();
return FULLUPDATE;
diff --git a/mbbsd/board.c b/mbbsd/board.c
index 2d261d5c..3407f0a4 100644
--- a/mbbsd/board.c
+++ b/mbbsd/board.c
@@ -37,6 +37,7 @@ typedef struct {
#define IN_CLASS() (class_bid > 0)
static int class_bid = 0;
+static int nbrdsize = 0;
static boardstat_t *nbrd = NULL;
static char choose_board_depth = 0;
static short brdnum;
@@ -168,7 +169,10 @@ load_uidofgid(const int gid, const int type)
{
boardheader_t *bptr, *currbptr, *parent;
int bid, n, childcount = 0;
+ assert(0<=type && type<2);
+ assert(0<= gid-1 && gid-1<MAX_BOARD);
currbptr = parent = &bcache[gid - 1];
+ assert(0<=numboards && numboards<=MAX_BOARD);
for (n = 0; n < numboards; ++n) {
bid = SHM->bsorted[type][n]+1;
if( bid<=0 || !(bptr = getbcache(bid))
@@ -197,6 +201,8 @@ addnewbrdstat(int n, int state)
{
boardstat_t *ptr;
+ assert(0<=n && n<MAX_BOARD);
+ assert(0<=brdnum && brdnum<nbrdsize);
ptr = &nbrd[brdnum++];
//boardheader_t *bptr = &bcache[n];
//ptr->total = &(SHM->total[n]);
@@ -248,6 +254,7 @@ load_boards(char *key)
brdnum = 0;
if (nbrd) {
free(nbrd);
+ nbrdsize = 0;
nbrd = NULL;
}
if (!IN_CLASS()) {
@@ -255,9 +262,11 @@ load_boards(char *key)
fav_t *fav = get_current_fav();
int nfav = get_data_number(fav);
if( nfav == 0 ){
+ nbrdsize = 1;
nbrd = (boardstat_t *)malloc(sizeof(boardstat_t) * 1);
goto EMPTYFAV;
}
+ nbrdsize = nfav;
nbrd = (boardstat_t *)malloc(sizeof(boardstat_t) * nfav);
for( i = 0 ; i < fav->DataTail; ++i ){
int state;
@@ -287,6 +296,7 @@ load_boards(char *key)
continue;
}else{
boardheader_t *bptr = getbcache(fav_getid(&fav->favh[i]));
+ assert(0<=fav_getid(&fav->favh[i])-1 && fav_getid(&fav->favh[i])-1<MAX_BOARD);
if( HasBoardPerm(bptr) && strcasestr(bptr->title, key))
state = NBRD_BOARD;
else
@@ -308,8 +318,10 @@ load_boards(char *key)
}
#if HOTBOARDCACHE
else if(IN_HOTBOARD()){
- nbrd = (boardstat_t *)malloc(sizeof(boardstat_t) * SHM->nHOTs);
- for( i = 0 ; i < SHM->nHOTs ; ++i ) {
+ nbrdsize = SHM->nHOTs;
+ assert(0<nbrdsize);
+ nbrd = (boardstat_t *)malloc(sizeof(boardstat_t) * nbrdsize);
+ for( i = 0 ; i < nbrdsize; ++i ) {
if(SHM->HBcache[i] == -1)
continue;
addnewbrdstat(SHM->HBcache[i], HasBoardPerm(&bcache[SHM->HBcache[i]]));
@@ -317,8 +329,10 @@ load_boards(char *key)
}
#endif
else { // general case
- nbrd = (boardstat_t *) malloc(sizeof(boardstat_t) * numboards);
- for (i = 0; i < numboards; i++) {
+ nbrdsize = numboards;
+ assert(0<nbrdsize && nbrdsize<=MAX_BOARD);
+ nbrd = (boardstat_t *) malloc(sizeof(boardstat_t) * nbrdsize);
+ for (i = 0; i < nbrdsize; i++) {
int n = SHM->bsorted[type][i];
boardheader_t *bptr = &bcache[n];
if (n < 0 || bptr == NULL)
@@ -344,15 +358,18 @@ load_boards(char *key)
int childcount;
int bid;
+ assert(0<=class_bid-1 && class_bid-1<MAX_BOARD);
if (bptr->firstchild[type] == 0 || bptr->childcount==0)
load_uidofgid(class_bid, type);
childcount = bptr->childcount; // Ptt: child count after load_uidofgid
- nbrd = (boardstat_t *) malloc((childcount+2) * sizeof(boardstat_t));
+ nbrdsize = childcount + 5;
+ nbrd = (boardstat_t *) malloc((childcount+5) * sizeof(boardstat_t));
// 預留兩個以免大量開板時掛調
for (bid = bptr->firstchild[type]; bid > 0 &&
- brdnum < childcount+2; bid = bptr->next[type]) {
+ brdnum < childcount+5; bid = bptr->next[type]) {
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
bptr = getbcache(bid);
state = HasBoardPerm(bptr);
if ( !(state || GROUPOP()) || TITLE_MATCH(bptr, key) )
@@ -366,10 +383,14 @@ load_boards(char *key)
else
bid = BRD_LINK_TARGET(bptr);
}
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
addnewbrdstat(bid-1, state);
}
- if(childcount < brdnum) //Ptt: dirty fix fix soon
- getbcache(class_bid)->childcount = 0;
+ if(childcount < brdnum) {
+ //Ptt: dirty fix fix soon
+ fprintf(stderr, "childcount < brdnum, %d<%d, class_bid=%d\n",childcount,brdnum,class_bid);
+ getbcache(class_bid)->childcount = 0;
+ }
}
@@ -383,6 +404,7 @@ search_board(void)
move(0, 0);
clrtoeol();
CreateNameList();
+ assert(brdnum<=nbrdsize);
for (num = 0; num < brdnum; num++)
if (!IS_LISTING_FAV() ||
(nbrd[num].myattr & NBRD_BOARD && HasBoardPerm(B_BH(&nbrd[num]))) )
@@ -538,6 +560,7 @@ show_brdlist(int head, int clsflag, int newflag)
move(myrow, 0);
clrtoeol();
if (head < brdnum) {
+ assert(0<=head && head<nbrdsize);
ptr = &nbrd[head++];
if (ptr->myattr & NBRD_LINE){
if( !newflag )
@@ -646,6 +669,7 @@ set_menu_BM(char *BM)
static void replace_link_by_target(boardstat_t *board)
{
+ assert(0<=board->bid-1 && board->bid-1<MAX_BOARD);
board->bid = BRD_LINK_TARGET(getbcache(board->bid));
board->myattr &= ~NBRD_SYMBOLIC;
}
@@ -661,12 +685,14 @@ paste_taged_brds(int gid)
for (tmp = 0; tmp < fav->DataTail; tmp++) {
boardheader_t *bh;
bid = fav_getid(&fav->favh[tmp]);
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
bh = getbcache(bid);
if( !is_set_attr(&fav->favh[tmp], FAVH_ADM_TAG))
continue;
set_attr(&fav->favh[tmp], FAVH_ADM_TAG, FALSE);
if (bh->gid != gid) {
bh->gid = gid;
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
substitute_record(FN_BOARD, bh,
sizeof(boardheader_t), bid);
reset_board(bid);
@@ -730,6 +756,7 @@ choose_board(int newflag)
if (head < 0) {
if (newflag) {
tmp = num;
+ assert(brdnum<=nbrdsize);
while (num < brdnum) {
ptr = &nbrd[num];
if (ptr->myattr & NBRD_UNREAD)
@@ -803,10 +830,12 @@ choose_board(int newflag)
case '*':
{
int i = 0;
+ assert(brdnum<=nbrdsize);
for (i = 0; i < brdnum; i++)
{
ptr = &nbrd[i];
if (IS_LISTING_FAV()){
+ assert(nbrdsize>0);
if(get_fav_type(&nbrd[0]) != 0)
fav_tag(ptr->bid, get_fav_type(ptr), 2);
}
@@ -816,8 +845,10 @@ choose_board(int newflag)
}
break;
case 't':
+ assert(0<=num && num<nbrdsize);
ptr = &nbrd[num];
if (IS_LISTING_FAV()){
+ assert(nbrdsize>0);
if(get_fav_type(&nbrd[0]) != 0)
fav_tag(ptr->bid, get_fav_type(ptr), 2);
}
@@ -895,6 +926,7 @@ choose_board(int newflag)
case 'D':
if (HasUserPerm(PERM_SYSOP) ||
(HasUserPerm(PERM_SYSSUPERSUBOP) && GROUPOP())) {
+ assert(0<=num && num<nbrdsize);
ptr = &nbrd[num];
if (ptr->myattr & NBRD_SYMBOLIC) {
if (getans("確定刪除連結?[N/y]") == 'y')
@@ -941,6 +973,7 @@ choose_board(int newflag)
break;
}
/* done move if it's the first item. */
+ assert(nbrdsize>0);
if (get_fav_type(&nbrd[0]) != 0)
move_in_current_folder(brdnum, num);
brdnum = -1;
@@ -958,6 +991,7 @@ choose_board(int newflag)
case 'z':
case 'm':
if (HasUserPerm(PERM_LOGINOK)) {
+ assert(0<=num && num<nbrdsize);
ptr = &nbrd[num];
if (IS_LISTING_FAV()) {
if (ptr->myattr & NBRD_FAV) {
@@ -1005,6 +1039,7 @@ choose_board(int newflag)
}
fav_set_folder_title(ft, "新的目錄");
/* don't move if it's the first item */
+ assert(nbrdsize>0);
if (get_fav_type(&nbrd[0]) != 0)
move_in_current_folder(brdnum, num);
brdnum = -1;
@@ -1012,6 +1047,7 @@ choose_board(int newflag)
}
break;
case 'T':
+ assert(0<=num && num<nbrdsize);
if (HasUserPerm(PERM_LOGINOK) && nbrd[num].myattr & NBRD_FOLDER) {
fav_type_t *ft = getfolder(nbrd[num].bid);
strlcpy(buf, get_item_title(ft), sizeof(buf));
@@ -1083,6 +1119,7 @@ choose_board(int newflag)
case 'v':
case 'V':
+ assert(0<=num && num<nbrdsize);
ptr = &nbrd[num];
if(nbrd[num].bid < 0 || !HasBoardPerm(B_BH(ptr)))
break;
@@ -1105,6 +1142,7 @@ choose_board(int newflag)
break;
case 'E':
if (HasUserPerm(PERM_SYSOP | PERM_BOARD) || GROUPOP()) {
+ assert(0<=num && num<nbrdsize);
ptr = &nbrd[num];
move(1, 1);
clrtobot();
@@ -1151,7 +1189,8 @@ choose_board(int newflag)
fav_type_t * ptr = getboard(bid);
if (ptr != NULL) { // already in fav list
// move curser to item
- for (num = 0; bid != nbrd[num].bid; ++num);
+ for (num = 0; num<nbrdsize && bid != nbrd[num].bid; ++num);
+ assert(bid==nbrd[num].bid);
} else {
ptr = fav_add_board(bid);
@@ -1187,13 +1226,15 @@ choose_board(int newflag)
case '\r':
case 'r':
{
- ptr = &nbrd[num];
if (IS_LISTING_FAV()) {
+ assert(nbrdsize>0);
if (get_fav_type(&nbrd[0]) == 0)
break;
- else if (ptr->myattr & NBRD_LINE)
+ assert(0<=num && num<nbrdsize);
+ ptr = &nbrd[num];
+ if (ptr->myattr & NBRD_LINE)
break;
- else if (ptr->myattr & NBRD_FOLDER){
+ if (ptr->myattr & NBRD_FOLDER){
int t = num;
num = 0;
fav_folder_in(ptr->bid);
@@ -1204,11 +1245,15 @@ choose_board(int newflag)
head = 9999;
break;
}
- }
- else if (ptr->myattr & NBRD_SYMBOLIC) {
- replace_link_by_target(ptr);
+ } else {
+ assert(0<=num && num<nbrdsize);
+ ptr = &nbrd[num];
+ if (ptr->myattr & NBRD_SYMBOLIC) {
+ replace_link_by_target(ptr);
+ }
}
+ assert(0<=ptr->bid-1 && ptr->bid-1<MAX_BOARD);
if (!(B_BH(ptr)->brdattr & BRD_GROUPBOARD)) { /* 非sub class */
if (HasBoardPerm(B_BH(ptr))) {
brc_initial_board(B_BH(ptr)->brdname);
@@ -1250,6 +1295,7 @@ choose_board(int newflag)
setutmpbid(ptr->bid);
free(nbrd);
nbrd = NULL;
+ nbrdsize = 0;
if (IS_LISTING_FAV()) {
LIST_BRD();
choose_board(0);
@@ -1268,6 +1314,7 @@ choose_board(int newflag)
} while (ch != 'q');
free(nbrd);
nbrd = NULL;
+ nbrdsize = 0;
--choose_board_depth;
}
diff --git a/mbbsd/brc.c b/mbbsd/brc.c
index f30bef17..2f1639d0 100644
--- a/mbbsd/brc.c
+++ b/mbbsd/brc.c
@@ -371,6 +371,7 @@ brc_initial_board(const char *boardname)
currbid = getbnum(boardname);
if( currbid == 0 )
currbid = getbnum(DEFAULT_BOARD);
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
currboard = bcache[currbid - 1].brdname;
currbrdattr = bcache[currbid - 1].brdattr;
diff --git a/mbbsd/cache.c b/mbbsd/cache.c
index 2e8d6042..465a59e0 100644
--- a/mbbsd/cache.c
+++ b/mbbsd/cache.c
@@ -506,6 +506,7 @@ setutmpmode(unsigned int mode)
* section - board cache
*/
void touchbtotal(int bid) {
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
SHM->total[bid - 1] = 0;
SHM->lastposttime[bid - 1] = 0;
}
@@ -644,6 +645,7 @@ reset_board(int bid) /* XXXbid: from 1 */
if (--bid < 0)
return;
+ assert(0<=bid && bid<MAX_BOARD);
if (SHM->Bbusystate || COMMON_TIME - SHM->busystate_b[bid] < 10) {
safe_sleep(1);
} else {
@@ -685,6 +687,7 @@ setbottomtotal(int bid)
char fname[PATHLEN];
int n;
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
if(!bh->brdname[0]) return;
setbfile(fname, bh->brdname, ".DIR.bottom");
n = get_num_records(fname, sizeof(fileheader_t));
@@ -707,11 +710,13 @@ setbtotal(int bid)
char genbuf[256];
int num, fd;
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
setbfile(genbuf, bh->brdname, ".DIR");
if ((fd = open(genbuf, O_RDWR)) < 0)
return; /* .DIR掛了 */
fstat(fd, &st);
num = st.st_size / sizeof(fileheader_t);
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
SHM->total[bid - 1] = num;
if (num > 0) {
@@ -728,6 +733,7 @@ void
touchbpostnum(int bid, int delta)
{
int *total = &SHM->total[bid - 1];
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
if (*total)
*total += delta;
}
@@ -770,6 +776,7 @@ haspostperm(const char *bname)
if (!(i = getbnum(bname)))
return 0;
+ assert(0<=i-1 && i-1<MAX_BOARD);
if (bcache[i - 1].brdattr & BRD_GUESTPOST)
return 1;
@@ -799,6 +806,7 @@ void buildBMcache(int bid) /* bid starts from 1 */
char s[IDLEN * 3 + 3], *ptr;
int i, uid;
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
strlcpy(s, getbcache(bid)->BM, sizeof(s));
for( i = 0 ; s[i] != 0 ; ++i )
if( !isalpha((int)s[i]) && !isdigit((int)s[i]) )
@@ -815,6 +823,7 @@ void buildBMcache(int bid) /* bid starts from 1 */
int is_BM_cache(int bid) /* bid starts from 1 */
{
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
--bid;
// XXX hard coded MAX_BMs=4
if( currutmp->uid == SHM->BMcache[bid][0] ||
@@ -1006,6 +1015,7 @@ hbflreload(int bid)
char buf[128];
FILE *fp;
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
memset(hbfl, 0, sizeof(hbfl));
setbfile(buf, bcache[bid - 1].brdname, fn_visable);
if ((fp = fopen(buf, "r")) != NULL) {
@@ -1036,6 +1046,7 @@ hbflcheck(int bid, int uid)
{
int i;
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
if (SHM->hbfl[bid-1][0] < login_start_time - HBFLexpire)
hbflreload(bid);
for (i = 1; SHM->hbfl[bid-1][i] != 0 && i <= MAX_FRIEND; ++i) {
diff --git a/mbbsd/fav.c b/mbbsd/fav.c
index bf1c7b7e..fa7d144c 100644
--- a/mbbsd/fav.c
+++ b/mbbsd/fav.c
@@ -207,6 +207,7 @@ char *get_item_title(fav_type_t *ft)
{
switch (get_item_type(ft)){
case FAVT_BOARD:
+ assert(0<=cast_board(ft)->bid-1 && cast_board(ft)->bid-1<MAX_BOARD);
return bcache[cast_board(ft)->bid - 1].brdname;
case FAVT_FOLDER:
return cast_folder(ft)->title;
@@ -220,6 +221,7 @@ static char *get_item_class(fav_type_t *ft)
{
switch (get_item_type(ft)){
case FAVT_BOARD:
+ assert(0<=cast_board(ft)->bid-1 && cast_board(ft)->bid-1<MAX_BOARD);
return bcache[cast_board(ft)->bid - 1].title;
case FAVT_FOLDER:
return "目錄";
@@ -691,6 +693,7 @@ fav_type_t *getadmtag(short bid)
int i;
fav_t *fp = get_fav_root();
fav_type_t *ft;
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
for (i = 0; i < fp->DataTail; i++) {
ft = &fp->favh[i];
if (get_item_type(ft) == FAVT_BOARD && cast_board(ft)->bid == bid && is_set_attr(ft, FAVH_ADM_TAG))
@@ -701,6 +704,7 @@ fav_type_t *getadmtag(short bid)
fav_type_t *getboard(short bid)
{
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
return get_fav_item(bid, FAVT_BOARD);
}
diff --git a/mbbsd/friend.c b/mbbsd/friend.c
index e3fa11b6..8f62713f 100644
--- a/mbbsd/friend.c
+++ b/mbbsd/friend.c
@@ -454,8 +454,10 @@ friend_edit(int type)
} else if (type == BOARD_WATER) {
boardheader_t *bp = NULL;
currbid = getbnum(currboard);
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
bp = getbcache(currbid);
bp->perm_reload = now;
+ assert(0<=currbid-1 && currbid-1<MAX_BOARD);
substitute_record(fn_board, bp, sizeof(boardheader_t), currbid);
// log_usies("SetBoard", bp->brdname);
}
diff --git a/mbbsd/io.c b/mbbsd/io.c
index b933616a..c1efde24 100644
--- a/mbbsd/io.c
+++ b/mbbsd/io.c
@@ -825,6 +825,7 @@ oldgetdata(int line, int col, const char *prompt, char *buf, int len, int echo)
}
while (1) {
+ assert(0<=clen);
if(dirty_line) {
move(line, col);
clrtoeol();
@@ -844,6 +845,7 @@ oldgetdata(int line, int col, const char *prompt, char *buf, int len, int echo)
if ((ch = igetch()) == '\r')
break;
+ assert(0<=clen);
switch (ch) {
case KEY_DOWN: case Ctrl('N'):
case KEY_UP: case Ctrl('P'):
@@ -876,6 +878,7 @@ oldgetdata(int line, int col, const char *prompt, char *buf, int len, int echo)
currchar --;
#endif
}
+ assert(0<=clen);
break;
case KEY_RIGHT:
if (buf[currchar])
@@ -888,6 +891,7 @@ oldgetdata(int line, int col, const char *prompt, char *buf, int len, int echo)
currchar++;
#endif
}
+ assert(0<=clen);
break;
case '\177':
case Ctrl('H'):
@@ -998,6 +1002,7 @@ oldgetdata(int line, int col, const char *prompt, char *buf, int len, int echo)
}
break;
} /* end case */
+ assert(0<=clen);
} /* end while */
if (clen > 1) {
@@ -1008,6 +1013,8 @@ oldgetdata(int line, int col, const char *prompt, char *buf, int len, int echo)
// outc('\n');
move(y+1, 0);
refresh();
+ assert(0<=currchar && currchar<=clen);
+ assert(0<=clen && clen<=len);
}
if ((echo == LCECHO) && isupper((int)buf[0]))
buf[0] = tolower(buf[0]);
diff --git a/mbbsd/mail.c b/mbbsd/mail.c
index 2b82fb3e..86c1124b 100644
--- a/mbbsd/mail.c
+++ b/mbbsd/mail.c
@@ -1263,6 +1263,7 @@ mail_cross_post(int ent, fileheader_t * fhdr, const char *direct)
return FULLUPDATE;
ent = getbnum(xboard);
+ assert(0<=ent-1 && ent-1<MAX_BOARD);
if ( !((currmode & MODE_BOARD) || HasUserPerm(PERM_SYSOP)) &&
(cuser.firstlogin > (now - (time4_t)bcache[ent - 1].post_limit_regtime * 2592000) ||
cuser.numlogins < ((unsigned int)(bcache[ent - 1].post_limit_logins) * 10) ||
diff --git a/mbbsd/menu.c b/mbbsd/menu.c
index 99c2c8ba..fa111d4f 100644
--- a/mbbsd/menu.c
+++ b/mbbsd/menu.c
@@ -51,6 +51,7 @@ showtitle(const char *title, const char *mid)
int bid = getbnum(currboard);
if(bid > 0)
{
+ assert(0<=bid-1 && bid-1<MAX_BOARD);
board_hidden_status = ((getbcache(bid)->brdattr & BRD_HIDE) &&
(getbcache(bid)->brdattr & BRD_POSTMASK));
strlcpy(lastboard, currboard, sizeof(lastboard));
diff --git a/mbbsd/stuff.c b/mbbsd/stuff.c
index 37a8ebb1..b4b479f2 100644
--- a/mbbsd/stuff.c
+++ b/mbbsd/stuff.c
@@ -41,6 +41,7 @@ void
sethomefile(char *buf, const char *userid, const char *fname)
{
assert(is_validuserid(userid));
+ assert(fname[0]);
snprintf(buf, PATHLEN, str_home_file, userid[0], userid, fname);
}
@@ -48,30 +49,35 @@ void
setuserfile(char *buf, const char *fname)
{
assert(is_validuserid(cuser.userid));
+ assert(fname[0]);
snprintf(buf, PATHLEN, str_home_file, cuser.userid[0], cuser.userid, fname);
}
void
setapath(char *buf, const char *boardname)
{
+ //assert(boardname[0]);
snprintf(buf, PATHLEN, "man/boards/%c/%s", boardname[0], boardname);
}
void
setadir(char *buf, const char *path)
{
+ //assert(path[0]);
snprintf(buf, PATHLEN, "%s/%s", path, str_dotdir);
}
void
setbpath(char *buf, const char *boardname)
{
+ //assert(boardname[0]);
snprintf(buf, PATHLEN, "boards/%c/%s", boardname[0], boardname);
}
void
setbdir(char *buf, const char *boardname)
{
+ //assert(boardname[0]);
snprintf(buf, PATHLEN, str_board_file, boardname[0], boardname,
(currmode & MODE_DIGEST ? fn_mandex : str_dotdir));
}
@@ -79,12 +85,16 @@ setbdir(char *buf, const char *boardname)
void
setbfile(char *buf, const char *boardname, const char *fname)
{
+ //assert(boardname[0]);
+ assert(fname[0]);
snprintf(buf, PATHLEN, str_board_file, boardname[0], boardname, fname);
}
void
setbnfile(char *buf, const char *boardname, const char *fname, int n)
{
+ //assert(boardname[0]);
+ assert(fname[0]);
snprintf(buf, PATHLEN, str_board_n_file, boardname[0], boardname, fname, n);
}
diff --git a/mbbsd/vote.c b/mbbsd/vote.c
index e12d72f0..62fa1c3b 100644
--- a/mbbsd/vote.c
+++ b/mbbsd/vote.c
@@ -534,6 +534,7 @@ vote_view(vote_buffer_t *vbuf, const char *bname, int vote_index)
fclose(fp);
free(counts);
pos = getbnum(bname);
+ assert(0<=pos-1 && pos-1<MAX_BOARD);
fhp = bcache + pos - 1;
move(t_lines - 3, 0);
prints("◆ 目前總票數 = %d 票", total);
@@ -634,6 +635,7 @@ vote_maintain(const char *bname)
if ((pos = getbnum(bname)) <= 0)
return 0;
+ assert(0<=pos-1 && pos-1<MAX_BOARD);
fhp = bcache + pos - 1;
if (fhp->bvote != 0) {
@@ -918,6 +920,7 @@ user_vote_one(vote_buffer_t *vbuf, const char *bname, int ind)
if ((pos = getbnum(bname)) <= 0)
return 0;
+ assert(0<=pos-1 && pos-1<MAX_BOARD);
fhp = bcache + pos - 1;
#if 0 // backward compatible
setbfile(buf, bname, STR_new_control);
@@ -1096,6 +1099,7 @@ user_vote(const char *bname)
if ((pos = getbnum(bname)) <= 0)
return 0;
+ assert(0<=pos-1 && pos-1<MAX_BOARD);
fhp = bcache + pos - 1;
move(0, 0);
diff --git a/mbbsd/voteboard.c b/mbbsd/voteboard.c
index ac237f58..ff89ec1a 100644
--- a/mbbsd/voteboard.c
+++ b/mbbsd/voteboard.c
@@ -271,6 +271,7 @@ do_voteboard(int type)
"%s\n\n%s%s\n%s", "罷免板主", "英文名稱: ",
topic, "板主 ID : ");
temp=getbnum(topic);
+ assert(0<=temp-1 && temp-1<MAX_BOARD);
do {
if (!getdata(7, 0, "請輸入板主ID:", topic, IDLEN + 1, DOECHO))
return FULLUPDATE;