1. Forum
  2. DOVE-Net
  3. Synchronet Programming

  • src/syncterm/webget.c

    From Deuc¿@VERT to Git commit to main/sbbs/master on Sun Mar 15 01:06:05 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/df19ebe9b1d7f15845d53525
    Modified Files:
    src/syncterm/webget.c
    Log Message:
    Fix use-after-free and NULL deref in webget.c

    destroy_webget_req() had a copy-paste bug: after freeing req->msg and req->state, the code set req->uri = NULL both times instead of NULLing
    the correct fields. This left req->msg and req->state as dangling
    pointers after free.

    Also add a missing NULL check on strdup() in parse_uri(). If it fails,
    the next line passes NULL to strchr(), which crashes. The mutex is held
    at this point, so the error path uses set_msg_locked() and unlocks
    before jumping to error_return.

    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deuc¿@VERT to Git commit to main/sbbs/master on Sun Mar 15 14:09:13 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/a386c70ab11205a81b4d53d8
    Modified Files:
    src/syncterm/webget.c
    Log Message:
    Fix webget.c error path setting pointer to 0 instead of value

    On error_return, "len = 0" zeroed the pointer instead of the
    pointed-to value. Changed to "*len = 0" to match the success path.

    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net