diff options
Diffstat (limited to 'mbbsd')
-rw-r--r-- | mbbsd/admin.c | 8 | ||||
-rw-r--r-- | mbbsd/bbs.c | 52 | ||||
-rw-r--r-- | mbbsd/board.c | 77 | ||||
-rw-r--r-- | mbbsd/brc.c | 1 | ||||
-rw-r--r-- | mbbsd/cache.c | 11 | ||||
-rw-r--r-- | mbbsd/fav.c | 4 | ||||
-rw-r--r-- | mbbsd/friend.c | 2 | ||||
-rw-r--r-- | mbbsd/io.c | 7 | ||||
-rw-r--r-- | mbbsd/mail.c | 1 | ||||
-rw-r--r-- | mbbsd/menu.c | 1 | ||||
-rw-r--r-- | mbbsd/stuff.c | 10 | ||||
-rw-r--r-- | mbbsd/vote.c | 4 | ||||
-rw-r--r-- | mbbsd/voteboard.c | 1 |
13 files changed, 162 insertions, 17 deletions
diff --git a/mbbsd/admin.c b/mbbsd/admin.c index d4336052..c75c8ef0 100644 --- a/mbbsd/admin.c +++ b/mbbsd/admin.c @@ -339,6 +339,7 @@ setup_man(const boardheader_t * board, const boardheader_t * oldboard) void delete_symbolic_link(boardheader_t *bh, int bid) { + assert(0<=bid-1 && bid-1<MAX_BOARD); memset(bh, 0, sizeof(boardheader_t)); substitute_record(fn_board, bh, sizeof(boardheader_t), bid); reset_board(bid); @@ -417,6 +418,7 @@ m_mod_board(char *bname) vmsg(err_bid); return -1; } + assert(0<=bid-1 && bid-1<MAX_BOARD); prints("看板名稱:%s\n看板說明:%s\n看板bid:%d\n看板GID:%d\n" "板主名單:%s", bh.brdname, bh.title, bid, bh.gid, bh.BM); bperm_msg(&bh); @@ -482,6 +484,7 @@ m_mod_board(char *bname) prints("看板 %s 原來的 BVote:%d", bh.brdname, bh.bvote); getdata_str(21, 0, "新的 Bvote:", genbuf, 5, LCECHO, bvotebuf); newbh.bvote = atoi(genbuf); + assert(0<=bid-1 && bid-1<MAX_BOARD); substitute_record(fn_board, &newbh, sizeof(newbh), bid); reset_board(bid); log_usies("SetBoardBvote", newbh.brdname); @@ -498,6 +501,7 @@ m_mod_board(char *bname) newbh.brdattr = newbh.brdattr & (!BRD_BAD); else newbh.brdattr = newbh.brdattr | BRD_BAD; + assert(0<=bid-1 && bid-1<MAX_BOARD); substitute_record(fn_board, &newbh, sizeof(newbh), bid); reset_board(bid); log_usies("ViolateLawSet", newbh.brdname); @@ -525,6 +529,7 @@ m_mod_board(char *bname) snprintf(bh.title, sizeof(bh.title), " %s 看板 %s 刪除", bname, cuser.userid); post_msg("Security", bh.title, "請注意刪除的合法性", "[系統安全局]"); + assert(0<=bid-1 && bid-1<MAX_BOARD); substitute_record(fn_board, &bh, sizeof(bh), bid); reset_board(bid); sort_bcache(); @@ -637,6 +642,7 @@ m_mod_board(char *bname) Rename(src, tar); } setup_man(&newbh, &bh); + assert(0<=bid-1 && bid-1<MAX_BOARD); substitute_record(fn_board, &newbh, sizeof(newbh), bid); reset_board(bid); sort_bcache(); @@ -815,6 +821,7 @@ static int add_board_record(const boardheader_t *board) { int bid; if ((bid = getbnum("")) > 0) { + assert(0<=bid-1 && bid-1<MAX_BOARD); substitute_record(fn_board, board, sizeof(boardheader_t), bid); reset_board(bid); sort_bcache(); @@ -952,6 +959,7 @@ int make_symbolic_link(const char *bname, int gid) bid = getbnum(bname); if(bid==0) return -1; + assert(0<=bid-1 && bid-1<MAX_BOARD); memset(&newboard, 0, sizeof(newboard)); /* diff --git a/mbbsd/bbs.c b/mbbsd/bbs.c index 0f6141f9..02eb00e7 100644 --- a/mbbsd/bbs.c +++ b/mbbsd/bbs.c @@ -147,6 +147,7 @@ set_board(void) { boardheader_t *bp; + assert(0<=currbid-1 && currbid-1<MAX_BOARD); bp = getbcache(currbid); if( !HasBoardPerm(bp) ){ vmsg("access control violation, exit"); @@ -223,6 +224,7 @@ CheckPostPerm(void) last_board_index = getbnum(currboard); valid_index = 1; } + assert(0<=last_board_index-1 && last_board_index-1<MAX_BOARD); bp = getbcache(last_board_index); if(bp->perm_reload != last_chk_time) @@ -234,6 +236,7 @@ CheckPostPerm(void) if(!valid_index) { last_board_index = getbnum(currboard); + assert(0<=last_board_index-1 && last_board_index-1<MAX_BOARD); bp = getbcache(last_board_index); } last_chk_time = bp->perm_reload; @@ -257,6 +260,7 @@ readtitle(void) boardheader_t *bp; char *brd_title; + assert(0<=currbid-1 && currbid-1<MAX_BOARD); bp = getbcache(currbid); if(bp->bvote != 2 && bp->bvote) brd_title = "本看板進行投票中"; @@ -276,6 +280,7 @@ readtitle(void) #endif { char buf[32]; + assert(0<=currbid-1 && currbid-1<MAX_BOARD); sprintf(buf, "人氣:%d ", SHM->bcache[currbid - 1].nuser); outslr("", 44, buf, -1); @@ -441,6 +446,7 @@ do_select(void) CompleteBoard(MSG_SELECT_BOARD, bname); if (bname[0] == '\0' || !(i = getbnum(bname))) return FULLUPDATE; + assert(0<=i-1 && i-1<MAX_BOARD); bh = getbcache(i); if (!HasBoardPerm(bh)) return FULLUPDATE; @@ -598,6 +604,7 @@ do_crosspost(const char *brd, fileheader_t *postfile, const char *fpath) setbdir(genbuf, brd); if (append_record(genbuf, &fh, sizeof(fileheader_t)) != -1) { int bid = getbnum(brd); + assert(0<=bid-1 && bid-1<MAX_BOARD); SHM->lastposttime[bid - 1] = now; touchbpostnum(bid, 1); } @@ -675,6 +682,7 @@ do_general(int isbid) int islocal, posttype=-1; ifuseanony = 0; + assert(0<=currbid-1 && currbid-1<MAX_BOARD); bp = getbcache(currbid); if( !CheckPostPerm() @@ -933,6 +941,7 @@ do_post(void) { boardheader_t *bp; STATINC(STAT_DOPOST); + assert(0<=currbid-1 && currbid-1<MAX_BOARD); bp = getbcache(currbid); if (bp->brdattr & BRD_VOTEBOARD) return do_voteboard(0); @@ -953,6 +962,7 @@ do_post_openbid(void) char ans[4]; boardheader_t *bp; + assert(0<=currbid-1 && currbid-1<MAX_BOARD); bp = getbcache(currbid); if (!(bp->brdattr & BRD_VOTEBOARD)) { @@ -972,6 +982,7 @@ do_generalboardreply(/*const*/ fileheader_t * fhdr) { char genbuf[3]; + assert(0<=currbid-1 && currbid-1<MAX_BOARD); if ( !((currmode & MODE_BOARD) || HasUserPerm(PERM_SYSOP)) && (cuser.firstlogin > (now - (time4_t)bcache[currbid - 1].post_limit_regtime * 2592000) || cuser.numlogins < ((unsigned int)(bcache[currbid - 1].post_limit_logins) * 10) || @@ -1046,6 +1057,7 @@ b_posttype(int ent, const fileheader_t * fhdr, const char *direct) if(!(currmode & MODE_BOARD)) return DONOTHING; + assert(0<=currbid-1 && currbid-1<MAX_BOARD); bp = getbcache(currbid); move(2,0); @@ -1082,6 +1094,7 @@ b_posttype(int ent, const fileheader_t * fhdr, const char *direct) bp->posttype_f = posttype_f; strlcpy(bp->posttype, posttype, sizeof(bp->posttype)); /* 這邊應該要防race condition */ + assert(0<=currbid-1 && currbid-1<MAX_BOARD); substitute_record(fn_board, bp, sizeof(boardheader_t), currbid); return FULLUPDATE; } @@ -1102,6 +1115,7 @@ do_reply(/*const*/ fileheader_t * fhdr) return FULLUPDATE; } + assert(0<=currbid-1 && currbid-1<MAX_BOARD); bp = getbcache(currbid); setbfile(quote_file, bp->brdname, fhdr->filename); if (bp->brdattr & BRD_VOTEBOARD || (fhdr->filemode & FILE_VOTE)) @@ -1128,6 +1142,7 @@ edit_post(int ent, fileheader_t * fhdr, const char *direct) struct stat oldstat, newstat; int isSysop = 0, recordTouched = 0; + assert(0<=currbid-1 && currbid-1<MAX_BOARD); if (strcmp(bp->brdname, "Security") == 0) return DONOTHING; @@ -1292,6 +1307,7 @@ cross_post(int ent, fileheader_t * fhdr, const char *direct) move(2, 0); clrtoeol(); move(1, 0); + assert(0<=currbid-1 && currbid-1<MAX_BOARD); bp = getbcache(currbid); if (bp && (bp->brdattr & BRD_VOTEBOARD) ) return FULLUPDATE; @@ -1309,6 +1325,7 @@ cross_post(int ent, fileheader_t * fhdr, const char *direct) /* 借用變數 */ ent = str_checksum(fhdr->title); author = getbnum(xboard); + assert(0<=author-1 && author-1<MAX_BOARD); if ((ent != 0 && ent == postrecord.checksum[0]) && (author != 0 && author != postrecord.last_bid)) { @@ -1404,8 +1421,10 @@ cross_post(int ent, fileheader_t * fhdr, const char *direct) char bname[STRLEN] = ""; struct tm *ptime = localtime4(&now); int maxlength = 51 +2 - 6; + int bid = getbnum(xboard); - bp = getbcache(getbnum(xboard)); + assert(0<=bid-1 && bid-1<MAX_BOARD); + bp = getbcache(bid); if ((bp->brdattr & BRD_HIDE) && (bp->brdattr & BRD_POSTMASK)) { /* mosaic it */ @@ -1446,8 +1465,12 @@ cross_post(int ent, fileheader_t * fhdr, const char *direct) do_add_recommend(direct, fhdr, ent, buf, 2); } else #endif + { + int bid = getbnum(xboard); + assert(0<=bid-1 && bid-1<MAX_BOARD); /* now point bp to new bord */ - bp = getbcache(getbnum(xboard)); + bp = getbcache(bid); + } /* * Cross fs有問題 } else { unlink(xfpath); link(fname, xfpath); } @@ -1528,6 +1551,7 @@ do_limitedit(int ent, fileheader_t * fhdr, const char *direct) int temp; boardheader_t *bp = getbcache(currbid); + assert(0<=currbid-1 && currbid-1<MAX_BOARD); if (!((currmode & MODE_BOARD) || HasUserPerm(PERM_SYSOP))) return DONOTHING; @@ -1561,6 +1585,7 @@ do_limitedit(int ent, fileheader_t * fhdr, const char *direct) temp = atoi(genbuf); } while (temp < 0 || temp > 2550); bp->post_limit_posts = (unsigned char)(temp / 10); + assert(0<=currbid-1 && currbid-1<MAX_BOARD); substitute_record(fn_board, bp, sizeof(boardheader_t), currbid); log_usies("SetBoard", bp->brdname); vmsg("修改完成!"); @@ -1587,6 +1612,7 @@ do_limitedit(int ent, fileheader_t * fhdr, const char *direct) temp = atoi(genbuf); } while (temp < 0 || temp > 2550); bp->vote_limit_posts = (unsigned char)(temp / 10); + assert(0<=currbid-1 && currbid-1<MAX_BOARD); substitute_record(fn_board, bp, sizeof(boardheader_t), currbid); log_usies("SetBoard", bp->brdname); vmsg("修改完成!"); @@ -1650,6 +1676,7 @@ stop_gamble(void) { boardheader_t *bp = getbcache(currbid); char fn_ticket[128], fn_ticket_end[128]; + assert(0<=currbid-1 && currbid-1<MAX_BOARD); if (!bp->endgamble || bp->endgamble > now) return 0; @@ -1659,6 +1686,7 @@ stop_gamble(void) rename(fn_ticket, fn_ticket_end); if (bp->endgamble) { bp->endgamble = 0; + assert(0<=currbid-1 && currbid-1<MAX_BOARD); substitute_record(fn_board, bp, sizeof(boardheader_t), currbid); } return 1; @@ -1672,6 +1700,7 @@ join_gamble(int ent, const fileheader_t * fhdr, const char *direct) vmsg("目前未舉辦賭盤或賭盤已開獎"); return DONOTHING; } + assert(0<=currbid-1 && currbid-1<MAX_BOARD); ticket(currbid); return FULLUPDATE; } @@ -1685,6 +1714,7 @@ hold_gamble(void) int i; FILE *fp = NULL; + assert(0<=currbid-1 && currbid-1<MAX_BOARD); if (!(currmode & MODE_BOARD)) return 0; if (bp->brdattr & BRD_BAD ) @@ -1705,6 +1735,7 @@ hold_gamble(void) rename(fn_ticket, fn_ticket_end); if (bp->endgamble) { bp->endgamble = 0; + assert(0<=currbid-1 && currbid-1<MAX_BOARD); substitute_record(fn_board, bp, sizeof(boardheader_t), currbid); } @@ -1750,6 +1781,7 @@ hold_gamble(void) fprintf(fp, "%d\n", i); if (!getdata(3, 0, "設定自動封盤時間?(Y/n)", yn, 3, LCECHO) || yn[0] != 'n') { bp->endgamble = gettime(4, now, "封盤於"); + assert(0<=currbid-1 && currbid-1<MAX_BOARD); substitute_record(fn_board, bp, sizeof(boardheader_t), currbid); } move(6, 0); @@ -2111,6 +2143,7 @@ recommend(int ent, fileheader_t * fhdr, const char *direct) int isGuest = (strcmp(cuser.userid, STR_GUEST) == EQUSTR); int logIP = 0; + assert(0<=currbid-1 && currbid-1<MAX_BOARD); bp = getbcache(currbid); if (bp->brdattr & BRD_NORECOMMEND || ((fhdr->filemode & FILE_MARKED) && (fhdr->filemode & FILE_SOLVED))) { @@ -2298,6 +2331,7 @@ recommend(int ent, fileheader_t * fhdr, const char *direct) inc_goodpost(fhdr->owner, 1); #endif lastrecommend = now; + assert(0<=currbid-1 && currbid-1<MAX_BOARD); lastrecommend_bid = currbid; strlcpy(lastrecommend_fname, fhdr->filename, sizeof(lastrecommend_fname)); return FULLUPDATE; @@ -2344,6 +2378,7 @@ del_range(int ent, const fileheader_t *fhdr, const char *direct) /* 有三種情況會進這裡, 信件, 看板, 精華區 */ if( !(direct[0] == 'h') ){ /* 信件不用 check */ + assert(0<=currbid-1 && currbid-1<MAX_BOARD); bp = getbcache(currbid); if (strcmp(bp->brdname, "Security") == 0) return DONOTHING; @@ -2401,6 +2436,7 @@ del_post(int ent, fileheader_t * fhdr, char *direct) int not_owned, tusernum; boardheader_t *bp; + assert(0<=currbid-1 && currbid-1<MAX_BOARD); bp = getbcache(currbid); /* TODO recursive lookup */ @@ -2647,6 +2683,7 @@ b_note_edit_bname(int bid) char buf[PATHLEN]; int aborted; boardheader_t *fh = getbcache(bid); + assert(0<=bid-1 && bid-1<MAX_BOARD); setbfile(buf, fh->brdname, fn_notes); aborted = vedit(buf, NA, NULL); if (aborted == -1) { @@ -2660,6 +2697,7 @@ b_note_edit_bname(int bid) "有效日期至"); else fh->bupdate = 0; + assert(0<=bid-1 && bid-1<MAX_BOARD); substitute_record(fn_board, fh, sizeof(boardheader_t), bid); } return 0; @@ -2669,6 +2707,7 @@ static int b_notes_edit(void) { if (currmode & MODE_BOARD) { + assert(0<=currbid-1 && currbid-1<MAX_BOARD); b_note_edit_bname(currbid); return FULLUPDATE; } @@ -2690,6 +2729,7 @@ visable_list_edit(void) { if (currmode & MODE_BOARD) { friend_edit(BOARD_VISABLE); + assert(0<=currbid-1 && currbid-1<MAX_BOARD); hbflreload(currbid); return FULLUPDATE; } @@ -2746,6 +2786,7 @@ bh_title_edit(void) if (currmode & MODE_BOARD) { char genbuf[BTLEN]; + assert(0<=currbid-1 && currbid-1<MAX_BOARD); bp = getbcache(currbid); move(1, 0); clrtoeol(); @@ -2756,6 +2797,7 @@ bh_title_edit(void) return 0; strip_ansi(genbuf, genbuf, STRIP_ALL); strlcpy(bp->title + 7, genbuf, sizeof(bp->title) - 7); + assert(0<=currbid-1 && currbid-1<MAX_BOARD); substitute_record(fn_board, bp, sizeof(boardheader_t), currbid); log_usies("SetBoard", currboard); return FULLUPDATE; @@ -2845,6 +2887,7 @@ push_bottom(int ent, fileheader_t *fhdr, const char *direct) fhdr->filemode ^= FILE_BOTTOM; num = delete_record(direct, sizeof(fileheader_t), ent); } + assert(0<=currbid-1 && currbid-1<MAX_BOARD); setbottomtotal(currbid); return DIRCHANGED; } @@ -2896,6 +2939,7 @@ good_post(int ent, fileheader_t * fhdr, const char *direct) append_record(buf, &digest, sizeof(digest)); #ifdef GLOBAL_DIGEST + assert(0<=currbid-1 && currbid-1<MAX_BOARD); if(!(getbcache(currbid)->brdattr & BRD_HIDE)) { getdata(1, 0, "好文值得出版到全站文摘?(N/y)", genbuf2, 3, LCECHO); if(genbuf2[0] == 'y') @@ -3112,6 +3156,7 @@ b_config(void) } if(touched) { + assert(0<=currbid-1 && currbid-1<MAX_BOARD); substitute_record(fn_board, bp, sizeof(boardheader_t), currbid); vmsg("已儲存新設定"); } @@ -3150,6 +3195,7 @@ change_hidden(void) outs("君心今已掩抑,惟盼善自珍重。\n"); board_hidden_status = 1; } + assert(0<=currbid-1 && currbid-1<MAX_BOARD); substitute_record(fn_board, bp, sizeof(boardheader_t), currbid); log_usies("SetBoard", bp->brdname); pressanykey(); @@ -3179,6 +3225,7 @@ change_counting(void) bp->brdattr |= BRD_BMCOUNT; outs("快灌水衝十大第一吧。\n"); } + assert(0<=currbid-1 && currbid-1<MAX_BOARD); substitute_record(fn_board, bp, sizeof(boardheader_t), currbid); pressanykey(); return FULLUPDATE; @@ -3306,6 +3353,7 @@ change_cooldown(void) bp->brdattr |= BRD_COOLDOWN; outs("開始冷靜。\n"); } + assert(0<=currbid-1 && currbid-1<MAX_BOARD); substitute_record(fn_board, bp, sizeof(boardheader_t), currbid); pressanykey(); return FULLUPDATE; diff --git a/mbbsd/board.c b/mbbsd/board.c index 2d261d5c..3407f0a4 100644 --- a/mbbsd/board.c +++ b/mbbsd/board.c @@ -37,6 +37,7 @@ typedef struct { #define IN_CLASS() (class_bid > 0) static int class_bid = 0; +static int nbrdsize = 0; static boardstat_t *nbrd = NULL; static char choose_board_depth = 0; static short brdnum; @@ -168,7 +169,10 @@ load_uidofgid(const int gid, const int type) { boardheader_t *bptr, *currbptr, *parent; int bid, n, childcount = 0; + assert(0<=type && type<2); + assert(0<= gid-1 && gid-1<MAX_BOARD); currbptr = parent = &bcache[gid - 1]; + assert(0<=numboards && numboards<=MAX_BOARD); for (n = 0; n < numboards; ++n) { bid = SHM->bsorted[type][n]+1; if( bid<=0 || !(bptr = getbcache(bid)) @@ -197,6 +201,8 @@ addnewbrdstat(int n, int state) { boardstat_t *ptr; + assert(0<=n && n<MAX_BOARD); + assert(0<=brdnum && brdnum<nbrdsize); ptr = &nbrd[brdnum++]; //boardheader_t *bptr = &bcache[n]; //ptr->total = &(SHM->total[n]); @@ -248,6 +254,7 @@ load_boards(char *key) brdnum = 0; if (nbrd) { free(nbrd); + nbrdsize = 0; nbrd = NULL; } if (!IN_CLASS()) { @@ -255,9 +262,11 @@ load_boards(char *key) fav_t *fav = get_current_fav(); int nfav = get_data_number(fav); if( nfav == 0 ){ + nbrdsize = 1; nbrd = (boardstat_t *)malloc(sizeof(boardstat_t) * 1); goto EMPTYFAV; } + nbrdsize = nfav; nbrd = (boardstat_t *)malloc(sizeof(boardstat_t) * nfav); for( i = 0 ; i < fav->DataTail; ++i ){ int state; @@ -287,6 +296,7 @@ load_boards(char *key) continue; }else{ boardheader_t *bptr = getbcache(fav_getid(&fav->favh[i])); + assert(0<=fav_getid(&fav->favh[i])-1 && fav_getid(&fav->favh[i])-1<MAX_BOARD); if( HasBoardPerm(bptr) && strcasestr(bptr->title, key)) state = NBRD_BOARD; else @@ -308,8 +318,10 @@ load_boards(char *key) } #if HOTBOARDCACHE else if(IN_HOTBOARD()){ - nbrd = (boardstat_t *)malloc(sizeof(boardstat_t) * SHM->nHOTs); - for( i = 0 ; i < SHM->nHOTs ; ++i ) { + nbrdsize = SHM->nHOTs; + assert(0<nbrdsize); + nbrd = (boardstat_t *)malloc(sizeof(boardstat_t) * nbrdsize); + for( i = 0 ; i < nbrdsize; ++i ) { if(SHM->HBcache[i] == -1) continue; addnewbrdstat(SHM->HBcache[i], HasBoardPerm(&bcache[SHM->HBcache[i]])); @@ -317,8 +329,10 @@ load_boards(char *key) } #endif else { // general case - nbrd = (boardstat_t *) malloc(sizeof(boardstat_t) * numboards); - for (i = 0; i < numboards; i++) { + nbrdsize = numboards; + assert(0<nbrdsize && nbrdsize<=MAX_BOARD); + nbrd = (boardstat_t *) malloc(sizeof(boardstat_t) * nbrdsize); + for (i = 0; i < nbrdsize; i++) { int n = SHM->bsorted[type][i]; boardheader_t *bptr = &bcache[n]; if (n < 0 || bptr == NULL) @@ -344,15 +358,18 @@ load_boards(char *key) int childcount; int bid; + assert(0<=class_bid-1 && class_bid-1<MAX_BOARD); if (bptr->firstchild[type] == 0 || bptr->childcount==0) load_uidofgid(class_bid, type); childcount = bptr->childcount; // Ptt: child count after load_uidofgid - nbrd = (boardstat_t *) malloc((childcount+2) * sizeof(boardstat_t)); + nbrdsize = childcount + 5; + nbrd = (boardstat_t *) malloc((childcount+5) * sizeof(boardstat_t)); // 預留兩個以免大量開板時掛調 for (bid = bptr->firstchild[type]; bid > 0 && - brdnum < childcount+2; bid = bptr->next[type]) { + brdnum < childcount+5; bid = bptr->next[type]) { + assert(0<=bid-1 && bid-1<MAX_BOARD); bptr = getbcache(bid); state = HasBoardPerm(bptr); if ( !(state || GROUPOP()) || TITLE_MATCH(bptr, key) ) @@ -366,10 +383,14 @@ load_boards(char *key) else bid = BRD_LINK_TARGET(bptr); } + assert(0<=bid-1 && bid-1<MAX_BOARD); addnewbrdstat(bid-1, state); } - if(childcount < brdnum) //Ptt: dirty fix fix soon - getbcache(class_bid)->childcount = 0; + if(childcount < brdnum) { + //Ptt: dirty fix fix soon + fprintf(stderr, "childcount < brdnum, %d<%d, class_bid=%d\n",childcount,brdnum,class_bid); + getbcache(class_bid)->childcount = 0; + } } @@ -383,6 +404,7 @@ search_board(void) move(0, 0); clrtoeol(); CreateNameList(); + assert(brdnum<=nbrdsize); for (num = 0; num < brdnum; num++) if (!IS_LISTING_FAV() || (nbrd[num].myattr & NBRD_BOARD && HasBoardPerm(B_BH(&nbrd[num]))) ) @@ -538,6 +560,7 @@ show_brdlist(int head, int clsflag, int newflag) move(myrow, 0); clrtoeol(); if (head < brdnum) { + assert(0<=head && head<nbrdsize); ptr = &nbrd[head++]; if (ptr->myattr & NBRD_LINE){ if( !newflag ) @@ -646,6 +669,7 @@ set_menu_BM(char *BM) static void replace_link_by_target(boardstat_t *board) { + assert(0<=board->bid-1 && board->bid-1<MAX_BOARD); board->bid = BRD_LINK_TARGET(getbcache(board->bid)); board->myattr &= ~NBRD_SYMBOLIC; } @@ -661,12 +685,14 @@ paste_taged_brds(int gid) for (tmp = 0; tmp < fav->DataTail; tmp++) { boardheader_t *bh; bid = fav_getid(&fav->favh[tmp]); + assert(0<=bid-1 && bid-1<MAX_BOARD); bh = getbcache(bid); if( !is_set_attr(&fav->favh[tmp], FAVH_ADM_TAG)) continue; set_attr(&fav->favh[tmp], FAVH_ADM_TAG, FALSE); if (bh->gid != gid) { bh->gid = gid; + assert(0<=bid-1 && bid-1<MAX_BOARD); substitute_record(FN_BOARD, bh, sizeof(boardheader_t), bid); reset_board(bid); @@ -730,6 +756,7 @@ choose_board(int newflag) if (head < 0) { if (newflag) { tmp = num; + assert(brdnum<=nbrdsize); while (num < brdnum) { ptr = &nbrd[num]; if (ptr->myattr & NBRD_UNREAD) @@ -803,10 +830,12 @@ choose_board(int newflag) case '*': { int i = 0; + assert(brdnum<=nbrdsize); for (i = 0; i < brdnum; i++) { ptr = &nbrd[i]; if (IS_LISTING_FAV()){ + assert(nbrdsize>0); if(get_fav_type(&nbrd[0]) != 0) fav_tag(ptr->bid, get_fav_type(ptr), 2); } @@ -816,8 +845,10 @@ choose_board(int newflag) } break; case 't': + assert(0<=num && num<nbrdsize); ptr = &nbrd[num]; if (IS_LISTING_FAV()){ + assert(nbrdsize>0); if(get_fav_type(&nbrd[0]) != 0) fav_tag(ptr->bid, get_fav_type(ptr), 2); } @@ -895,6 +926,7 @@ choose_board(int newflag) case 'D': if (HasUserPerm(PERM_SYSOP) || (HasUserPerm(PERM_SYSSUPERSUBOP) && GROUPOP())) { + assert(0<=num && num<nbrdsize); ptr = &nbrd[num]; if (ptr->myattr & NBRD_SYMBOLIC) { if (getans("確定刪除連結?[N/y]") == 'y') @@ -941,6 +973,7 @@ choose_board(int newflag) break; } /* done move if it's the first item. */ + assert(nbrdsize>0); if (get_fav_type(&nbrd[0]) != 0) move_in_current_folder(brdnum, num); brdnum = -1; @@ -958,6 +991,7 @@ choose_board(int newflag) case 'z': case 'm': if (HasUserPerm(PERM_LOGINOK)) { + assert(0<=num && num<nbrdsize); ptr = &nbrd[num]; if (IS_LISTING_FAV()) { if (ptr->myattr & NBRD_FAV) { @@ -1005,6 +1039,7 @@ choose_board(int newflag) } fav_set_folder_title(ft, "新的目錄"); /* don't move if it's the first item */ + assert(nbrdsize>0); if (get_fav_type(&nbrd[0]) != 0) move_in_current_folder(brdnum, num); brdnum = -1; @@ -1012,6 +1047,7 @@ choose_board(int newflag) } break; case 'T': + assert(0<=num && num<nbrdsize); if (HasUserPerm(PERM_LOGINOK) && nbrd[num].myattr & NBRD_FOLDER) { fav_type_t *ft = getfolder(nbrd[num].bid); strlcpy(buf, get_item_title(ft), sizeof(buf)); @@ -1083,6 +1119,7 @@ choose_board(int newflag) case 'v': case 'V': + assert(0<=num && num<nbrdsize); ptr = &nbrd[num]; if(nbrd[num].bid < 0 || !HasBoardPerm(B_BH(ptr))) break; @@ -1105,6 +1142,7 @@ choose_board(int newflag) break; case 'E': if (HasUserPerm(PERM_SYSOP | PERM_BOARD) || GROUPOP()) { + assert(0<=num && num<nbrdsize); ptr = &nbrd[num]; move(1, 1); clrtobot(); @@ -1151,7 +1189,8 @@ choose_board(int newflag) fav_type_t * ptr = getboard(bid); if (ptr != NULL) { // already in fav list // move curser to item - for (num = 0; bid != nbrd[num].bid; ++num); + for (num = 0; num<nbrdsize && bid != nbrd[num].bid; ++num); + assert(bid==nbrd[num].bid); } else { ptr = fav_add_board(bid); @@ -1187,13 +1226,15 @@ choose_board(int newflag) case '\r': case 'r': { - ptr = &nbrd[num]; if (IS_LISTING_FAV()) { + assert(nbrdsize>0); if (get_fav_type(&nbrd[0]) == 0) break; - else if (ptr->myattr & NBRD_LINE) + assert(0<=num && num<nbrdsize); + ptr = &nbrd[num]; + if (ptr->myattr & NBRD_LINE) break; - else if (ptr->myattr & NBRD_FOLDER){ + if (ptr->myattr & NBRD_FOLDER){ int t = num; num = 0; fav_folder_in(ptr->bid); @@ -1204,11 +1245,15 @@ choose_board(int newflag) head = 9999; break; } - } - else if (ptr->myattr & NBRD_SYMBOLIC) { - replace_link_by_target(ptr); + } else { + assert(0<=num && num<nbrdsize); + ptr = &nbrd[num]; + if (ptr->myattr & NBRD_SYMBOLIC) { + replace_link_by_target(ptr); + } } + assert(0<=ptr->bid-1 && ptr->bid-1<MAX_BOARD); if (!(B_BH(ptr)->brdattr & BRD_GROUPBOARD)) { /* 非sub class */ if (HasBoardPerm(B_BH(ptr))) { brc_initial_board(B_BH(ptr)->brdname); @@ -1250,6 +1295,7 @@ choose_board(int newflag) setutmpbid(ptr->bid); free(nbrd); nbrd = NULL; + nbrdsize = 0; if (IS_LISTING_FAV()) { LIST_BRD(); choose_board(0); @@ -1268,6 +1314,7 @@ choose_board(int newflag) } while (ch != 'q'); free(nbrd); nbrd = NULL; + nbrdsize = 0; --choose_board_depth; } diff --git a/mbbsd/brc.c b/mbbsd/brc.c index f30bef17..2f1639d0 100644 --- a/mbbsd/brc.c +++ b/mbbsd/brc.c @@ -371,6 +371,7 @@ brc_initial_board(const char *boardname) currbid = getbnum(boardname); if( currbid == 0 ) currbid = getbnum(DEFAULT_BOARD); + assert(0<=currbid-1 && currbid-1<MAX_BOARD); currboard = bcache[currbid - 1].brdname; currbrdattr = bcache[currbid - 1].brdattr; diff --git a/mbbsd/cache.c b/mbbsd/cache.c index 2e8d6042..465a59e0 100644 --- a/mbbsd/cache.c +++ b/mbbsd/cache.c @@ -506,6 +506,7 @@ setutmpmode(unsigned int mode) * section - board cache */ void touchbtotal(int bid) { + assert(0<=bid-1 && bid-1<MAX_BOARD); SHM->total[bid - 1] = 0; SHM->lastposttime[bid - 1] = 0; } @@ -644,6 +645,7 @@ reset_board(int bid) /* XXXbid: from 1 */ if (--bid < 0) return; + assert(0<=bid && bid<MAX_BOARD); if (SHM->Bbusystate || COMMON_TIME - SHM->busystate_b[bid] < 10) { safe_sleep(1); } else { @@ -685,6 +687,7 @@ setbottomtotal(int bid) char fname[PATHLEN]; int n; + assert(0<=bid-1 && bid-1<MAX_BOARD); if(!bh->brdname[0]) return; setbfile(fname, bh->brdname, ".DIR.bottom"); n = get_num_records(fname, sizeof(fileheader_t)); @@ -707,11 +710,13 @@ setbtotal(int bid) char genbuf[256]; int num, fd; + assert(0<=bid-1 && bid-1<MAX_BOARD); setbfile(genbuf, bh->brdname, ".DIR"); if ((fd = open(genbuf, O_RDWR)) < 0) return; /* .DIR掛了 */ fstat(fd, &st); num = st.st_size / sizeof(fileheader_t); + assert(0<=bid-1 && bid-1<MAX_BOARD); SHM->total[bid - 1] = num; if (num > 0) { @@ -728,6 +733,7 @@ void touchbpostnum(int bid, int delta) { int *total = &SHM->total[bid - 1]; + assert(0<=bid-1 && bid-1<MAX_BOARD); if (*total) *total += delta; } @@ -770,6 +776,7 @@ haspostperm(const char *bname) if (!(i = getbnum(bname))) return 0; + assert(0<=i-1 && i-1<MAX_BOARD); if (bcache[i - 1].brdattr & BRD_GUESTPOST) return 1; @@ -799,6 +806,7 @@ void buildBMcache(int bid) /* bid starts from 1 */ char s[IDLEN * 3 + 3], *ptr; int i, uid; + assert(0<=bid-1 && bid-1<MAX_BOARD); strlcpy(s, getbcache(bid)->BM, sizeof(s)); for( i = 0 ; s[i] != 0 ; ++i ) if( !isalpha((int)s[i]) && !isdigit((int)s[i]) ) @@ -815,6 +823,7 @@ void buildBMcache(int bid) /* bid starts from 1 */ int is_BM_cache(int bid) /* bid starts from 1 */ { + assert(0<=bid-1 && bid-1<MAX_BOARD); --bid; // XXX hard coded MAX_BMs=4 if( currutmp->uid == SHM->BMcache[bid][0] || @@ -1006,6 +1015,7 @@ hbflreload(int bid) char buf[128]; FILE *fp; + assert(0<=bid-1 && bid-1<MAX_BOARD); memset(hbfl, 0, sizeof(hbfl)); setbfile(buf, bcache[bid - 1].brdname, fn_visable); if ((fp = fopen(buf, "r")) != NULL) { @@ -1036,6 +1046,7 @@ hbflcheck(int bid, int uid) { int i; + assert(0<=bid-1 && bid-1<MAX_BOARD); if (SHM->hbfl[bid-1][0] < login_start_time - HBFLexpire) hbflreload(bid); for (i = 1; SHM->hbfl[bid-1][i] != 0 && i <= MAX_FRIEND; ++i) { diff --git a/mbbsd/fav.c b/mbbsd/fav.c index bf1c7b7e..fa7d144c 100644 --- a/mbbsd/fav.c +++ b/mbbsd/fav.c @@ -207,6 +207,7 @@ char *get_item_title(fav_type_t *ft) { switch (get_item_type(ft)){ case FAVT_BOARD: + assert(0<=cast_board(ft)->bid-1 && cast_board(ft)->bid-1<MAX_BOARD); return bcache[cast_board(ft)->bid - 1].brdname; case FAVT_FOLDER: return cast_folder(ft)->title; @@ -220,6 +221,7 @@ static char *get_item_class(fav_type_t *ft) { switch (get_item_type(ft)){ case FAVT_BOARD: + assert(0<=cast_board(ft)->bid-1 && cast_board(ft)->bid-1<MAX_BOARD); return bcache[cast_board(ft)->bid - 1].title; case FAVT_FOLDER: return "目錄"; @@ -691,6 +693,7 @@ fav_type_t *getadmtag(short bid) int i; fav_t *fp = get_fav_root(); fav_type_t *ft; + assert(0<=bid-1 && bid-1<MAX_BOARD); for (i = 0; i < fp->DataTail; i++) { ft = &fp->favh[i]; if (get_item_type(ft) == FAVT_BOARD && cast_board(ft)->bid == bid && is_set_attr(ft, FAVH_ADM_TAG)) @@ -701,6 +704,7 @@ fav_type_t *getadmtag(short bid) fav_type_t *getboard(short bid) { + assert(0<=bid-1 && bid-1<MAX_BOARD); return get_fav_item(bid, FAVT_BOARD); } diff --git a/mbbsd/friend.c b/mbbsd/friend.c index e3fa11b6..8f62713f 100644 --- a/mbbsd/friend.c +++ b/mbbsd/friend.c @@ -454,8 +454,10 @@ friend_edit(int type) } else if (type == BOARD_WATER) { boardheader_t *bp = NULL; currbid = getbnum(currboard); + assert(0<=currbid-1 && currbid-1<MAX_BOARD); bp = getbcache(currbid); bp->perm_reload = now; + assert(0<=currbid-1 && currbid-1<MAX_BOARD); substitute_record(fn_board, bp, sizeof(boardheader_t), currbid); // log_usies("SetBoard", bp->brdname); } @@ -825,6 +825,7 @@ oldgetdata(int line, int col, const char *prompt, char *buf, int len, int echo) } while (1) { + assert(0<=clen); if(dirty_line) { move(line, col); clrtoeol(); @@ -844,6 +845,7 @@ oldgetdata(int line, int col, const char *prompt, char *buf, int len, int echo) if ((ch = igetch()) == '\r') break; + assert(0<=clen); switch (ch) { case KEY_DOWN: case Ctrl('N'): case KEY_UP: case Ctrl('P'): @@ -876,6 +878,7 @@ oldgetdata(int line, int col, const char *prompt, char *buf, int len, int echo) currchar --; #endif } + assert(0<=clen); break; case KEY_RIGHT: if (buf[currchar]) @@ -888,6 +891,7 @@ oldgetdata(int line, int col, const char *prompt, char *buf, int len, int echo) currchar++; #endif } + assert(0<=clen); break; case '\177': case Ctrl('H'): @@ -998,6 +1002,7 @@ oldgetdata(int line, int col, const char *prompt, char *buf, int len, int echo) } break; } /* end case */ + assert(0<=clen); } /* end while */ if (clen > 1) { @@ -1008,6 +1013,8 @@ oldgetdata(int line, int col, const char *prompt, char *buf, int len, int echo) // outc('\n'); move(y+1, 0); refresh(); + assert(0<=currchar && currchar<=clen); + assert(0<=clen && clen<=len); } if ((echo == LCECHO) && isupper((int)buf[0])) buf[0] = tolower(buf[0]); diff --git a/mbbsd/mail.c b/mbbsd/mail.c index 2b82fb3e..86c1124b 100644 --- a/mbbsd/mail.c +++ b/mbbsd/mail.c @@ -1263,6 +1263,7 @@ mail_cross_post(int ent, fileheader_t * fhdr, const char *direct) return FULLUPDATE; ent = getbnum(xboard); + assert(0<=ent-1 && ent-1<MAX_BOARD); if ( !((currmode & MODE_BOARD) || HasUserPerm(PERM_SYSOP)) && (cuser.firstlogin > (now - (time4_t)bcache[ent - 1].post_limit_regtime * 2592000) || cuser.numlogins < ((unsigned int)(bcache[ent - 1].post_limit_logins) * 10) || diff --git a/mbbsd/menu.c b/mbbsd/menu.c index 99c2c8ba..fa111d4f 100644 --- a/mbbsd/menu.c +++ b/mbbsd/menu.c @@ -51,6 +51,7 @@ showtitle(const char *title, const char *mid) int bid = getbnum(currboard); if(bid > 0) { + assert(0<=bid-1 && bid-1<MAX_BOARD); board_hidden_status = ((getbcache(bid)->brdattr & BRD_HIDE) && (getbcache(bid)->brdattr & BRD_POSTMASK)); strlcpy(lastboard, currboard, sizeof(lastboard)); diff --git a/mbbsd/stuff.c b/mbbsd/stuff.c index 37a8ebb1..b4b479f2 100644 --- a/mbbsd/stuff.c +++ b/mbbsd/stuff.c @@ -41,6 +41,7 @@ void sethomefile(char *buf, const char *userid, const char *fname) { assert(is_validuserid(userid)); + assert(fname[0]); snprintf(buf, PATHLEN, str_home_file, userid[0], userid, fname); } @@ -48,30 +49,35 @@ void setuserfile(char *buf, const char *fname) { assert(is_validuserid(cuser.userid)); + assert(fname[0]); snprintf(buf, PATHLEN, str_home_file, cuser.userid[0], cuser.userid, fname); } void setapath(char *buf, const char *boardname) { + //assert(boardname[0]); snprintf(buf, PATHLEN, "man/boards/%c/%s", boardname[0], boardname); } void setadir(char *buf, const char *path) { + //assert(path[0]); snprintf(buf, PATHLEN, "%s/%s", path, str_dotdir); } void setbpath(char *buf, const char *boardname) { + //assert(boardname[0]); snprintf(buf, PATHLEN, "boards/%c/%s", boardname[0], boardname); } void setbdir(char *buf, const char *boardname) { + //assert(boardname[0]); snprintf(buf, PATHLEN, str_board_file, boardname[0], boardname, (currmode & MODE_DIGEST ? fn_mandex : str_dotdir)); } @@ -79,12 +85,16 @@ setbdir(char *buf, const char *boardname) void setbfile(char *buf, const char *boardname, const char *fname) { + //assert(boardname[0]); + assert(fname[0]); snprintf(buf, PATHLEN, str_board_file, boardname[0], boardname, fname); } void setbnfile(char *buf, const char *boardname, const char *fname, int n) { + //assert(boardname[0]); + assert(fname[0]); snprintf(buf, PATHLEN, str_board_n_file, boardname[0], boardname, fname, n); } diff --git a/mbbsd/vote.c b/mbbsd/vote.c index e12d72f0..62fa1c3b 100644 --- a/mbbsd/vote.c +++ b/mbbsd/vote.c @@ -534,6 +534,7 @@ vote_view(vote_buffer_t *vbuf, const char *bname, int vote_index) fclose(fp); free(counts); pos = getbnum(bname); + assert(0<=pos-1 && pos-1<MAX_BOARD); fhp = bcache + pos - 1; move(t_lines - 3, 0); prints("◆ 目前總票數 = %d 票", total); @@ -634,6 +635,7 @@ vote_maintain(const char *bname) if ((pos = getbnum(bname)) <= 0) return 0; + assert(0<=pos-1 && pos-1<MAX_BOARD); fhp = bcache + pos - 1; if (fhp->bvote != 0) { @@ -918,6 +920,7 @@ user_vote_one(vote_buffer_t *vbuf, const char *bname, int ind) if ((pos = getbnum(bname)) <= 0) return 0; + assert(0<=pos-1 && pos-1<MAX_BOARD); fhp = bcache + pos - 1; #if 0 // backward compatible setbfile(buf, bname, STR_new_control); @@ -1096,6 +1099,7 @@ user_vote(const char *bname) if ((pos = getbnum(bname)) <= 0) return 0; + assert(0<=pos-1 && pos-1<MAX_BOARD); fhp = bcache + pos - 1; move(0, 0); diff --git a/mbbsd/voteboard.c b/mbbsd/voteboard.c index ac237f58..ff89ec1a 100644 --- a/mbbsd/voteboard.c +++ b/mbbsd/voteboard.c @@ -271,6 +271,7 @@ do_voteboard(int type) "%s\n\n%s%s\n%s", "罷免板主", "英文名稱: ", topic, "板主 ID : "); temp=getbnum(topic); + assert(0<=temp-1 && temp-1<MAX_BOARD); do { if (!getdata(7, 0, "請輸入板主ID:", topic, IDLEN + 1, DOECHO)) return FULLUPDATE; |