From 421baaa11d66801050ff528821278b336b9a8410 Mon Sep 17 00:00:00 2001 From: Michiel Broek Date: Sat, 29 Nov 2008 13:42:38 +0000 Subject: [PATCH] Fixed lastcallers string overflow --- ChangeLog | 4 ++++ SETUP.sh | 4 ++++ mbsebbs/lastcallers.c | 55 ++++++++++++++++++++++--------------------- 3 files changed, 36 insertions(+), 27 deletions(-) diff --git a/ChangeLog b/ChangeLog index 867f9c4a..f051d2d7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,12 +11,16 @@ v0.95.4 31-Aug-2008 - mbfido: A cosmetic change to add an extra newline before the tearline. + mbsebbs: + Fixed a buffer overflow in lastcallers display. + mbsetup: Increased the size of the nntp username and password fields to 32 characters. script: installinit.sh now knows about Slamd64. + SETUP.sh now knows about Slamd64. v0.95.3 12-Mar-2008 - 31-Aug-2008. diff --git a/SETUP.sh b/SETUP.sh index 474dd29c..551d65da 100644 --- a/SETUP.sh +++ b/SETUP.sh @@ -75,6 +75,10 @@ if [ "$OSTYPE" = "Linux" ]; then else DISTVERS=$( cat /etc/slackware-version ) fi + elif [ -f /etc/slamd64-version ]; then + # Slamd64 + DISTNAME="Slamd64" + DISTVERS=`cat /etc/slamd64-version` elif [ -f /etc/zenwalk-version ]; then DISTNAME="Zenwalk" DISTVERS=$( cat /etc/zenwalk-version | awk '{ print $2 }' ) diff --git a/mbsebbs/lastcallers.c b/mbsebbs/lastcallers.c index ec9edba8..6b5881f1 100644 --- a/mbsebbs/lastcallers.c +++ b/mbsebbs/lastcallers.c @@ -59,9 +59,9 @@ extern int cols; */ void LastCallers(char *OpData) { - FILE *pLC; + FILE *fp; int LineCount = 5, count = 0; - char lstr[128], *sFileName, *Heading; + char lstr[201], *sFileName, *Heading; struct lastcallers lcall; struct lastcallershdr lcallhdr; 
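Review bot: The added Slamd64 branch in SETUP.sh reads the version file with backtick command substitution, while the Slackware and Zenwalk branches around it use the `$( ... )` form. For consistency with its neighbours the line would read `DISTVERS=$( cat /etc/slamd64-version )`. The enclosing if/elif chain starts and ends outside this hunk.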
@@ -75,19 +75,19 @@ void LastCallers(char *OpData) PUTSTR(chartran(lstr)); snprintf(sFileName, PATH_MAX, "%s/etc/lastcall.data", getenv("MBSE_ROOT")); - if ((pLC = fopen(sFileName,"r")) == NULL) + if ((fp = fopen(sFileName,"r")) == NULL) WriteError("$LastCallers: Can't open %s", sFileName); else { - fread(&lcallhdr, sizeof(lcallhdr), 1, pLC); + fread(&lcallhdr, sizeof(lcallhdr), 1, fp); strcpy(lstr, colour_str(WHITE, BLACK)); /* Todays callers to */ snprintf(Heading, 81, "%s%s", (char *) Language(84), CFG.bbs_name); - strncat(lstr, Center_str(Heading), 127); + strncat(lstr, Center_str(Heading), 200); PUTSTR(chartran(lstr)); strcpy(lstr, colour_str(LIGHTRED, BLACK)); - strncat(lstr, Center_str(hLine_str(strlen(Heading))), 127); + strncat(lstr, Center_str(hLine_str(strlen(Heading))), 200); PUTSTR(chartran(lstr)); Enter(1); 
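Review bot: The third argument of `strncat` limits how many bytes are taken from the source, not the total size of the destination, so `strncat(lstr, Center_str(Heading), 200)` can still write past `lstr[201]` when `lstr` already holds the colour prefix. Raising the literal from 127 to 200 enlarges the margin without enforcing it. The same call pattern is in the third and fourth hunks, where one row is built from several appends whose pieces are capped only by the 80-byte `snprintf` limit, because `%-20s` and `%-32s` pad but do not truncate; whether 200 bytes is always enough depends on field sizes in `struct lastcallers`, which the diff does not show. Each call should pass the remaining space, for example `strncat(lstr, Heading, sizeof(lstr) - strlen(lstr) - 1);`, which also removes the need to keep 200 and 201 in step by hand. LastCallers begins before this hunk and continues after it.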
@@ -96,41 +96,41 @@ void LastCallers(char *OpData) PUTSTR(chartran(lstr)); strcpy(lstr, colour_str(GREEN, BLACK)); - strncat(lstr, fLine_str(cols -1), 127); + strncat(lstr, fLine_str(cols -1), 200); PUTSTR(chartran(lstr)); - - while (fread(&lcall, lcallhdr.recsize, 1, pLC) == 1) { + + while (fread(&lcall, lcallhdr.recsize, 1, fp) == 1) { if (!lcall.Hidden) { count++; strcpy(lstr, colour_str(WHITE, BLACK)); - snprintf(Heading, 81, "%-5d", count); - strncat(lstr, Heading, 127); + snprintf(Heading, 80, "%-5d", count); + strncat(lstr, Heading, 200); - strncat(lstr, colour_str(LIGHTCYAN, BLACK), 127); + strncat(lstr, colour_str(LIGHTCYAN, BLACK), 200); if ((strcasecmp(OpData, "/H")) == 0) { if ((strcmp(lcall.Handle, "") != 0 && *(lcall.Handle) != ' ')) - snprintf(Heading, 81, "%-20s", lcall.Handle); + snprintf(Heading, 80, "%-20s", lcall.Handle); else - snprintf(Heading, 81, "%-20s", lcall.UserName); + snprintf(Heading, 80, "%-20s", lcall.UserName); } else if (strcasecmp(OpData, "/U") == 0) { - snprintf(Heading, 81, "%-20s", lcall.Name); + snprintf(Heading, 80, "%-20s", lcall.Name); } else { - snprintf(Heading, 81, "%-20s", lcall.UserName); + snprintf(Heading, 80, "%-20s", lcall.UserName); } - strncat(lstr, Heading, 127); + strncat(lstr, Heading, 200); - snprintf(Heading, 81, "%-8s", lcall.Device); - strncat(lstr, pout_str(LIGHTBLUE, BLACK, Heading), 127); + snprintf(Heading, 80, "%-8s", lcall.Device); + strncat(lstr, pout_str(LIGHTBLUE, BLACK, Heading), 200); - snprintf(Heading, 81, "%-8s", lcall.TimeOn); - strncat(lstr, pout_str(LIGHTMAGENTA, BLACK, Heading), 127); + snprintf(Heading, 80, "%-8s", lcall.TimeOn); + strncat(lstr, pout_str(LIGHTMAGENTA, BLACK, Heading), 200); - snprintf(Heading, 81, "%-7d", lcall.Calls); - strncat(lstr, pout_str(YELLOW, BLACK, Heading), 127); + snprintf(Heading, 80, "%-7d", lcall.Calls); + strncat(lstr, pout_str(YELLOW, BLACK, Heading), 200); - snprintf(Heading, 81, "%-32s", lcall.Location); - strncat(lstr, pout_str(LIGHTRED, BLACK, 
Heading), 127); + snprintf(Heading, 80, "%-32s", lcall.Location); + strncat(lstr, pout_str(LIGHTRED, BLACK, Heading), 200); PUTSTR(chartran(lstr)); Enter(1); @@ -139,14 +139,15 @@ void LastCallers(char *OpData) Pause(); LineCount = 0; } + } /* End of check if user is hidden */ } strcpy(lstr, colour_str(GREEN, BLACK)); - strncat(lstr, fLine_str(cols -1), 127); + strncat(lstr, fLine_str(cols -1), 200); PUTSTR(chartran(lstr)); - fclose(pLC); + fclose(fp); Enter(1); Pause(); }
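Review bot: The record loop `fread(&lcall, lcallhdr.recsize, 1, fp)` in the third hunk takes its byte count from the file header instead of `sizeof(lcall)`, and the header read in the second hunk is not checked. A truncated or mismatched lastcall.data could therefore make `fread` write past the `lcall` struct on the stack. This predates the commit, but the line is touched here and the commit is about overflows in this function. A guard before the loop would cover it, for example `if (fread(&lcallhdr, sizeof(lcallhdr), 1, fp) != 1 || lcallhdr.recsize > sizeof(lcall))`, followed by an error log and `fclose(fp)`. The type of `recsize` is not visible in the diff, so the comparison may need a cast.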