src/sbbs3/dosxtrn dosxtrn.c 1.24 1.25
Update of /cvsroot/sbbs/src/sbbs3/dosxtrn
In directory cvs:/tmp/cvs-serv3878

Modified Files:
dosxtrn.c
Log Message:
So 20 years ago I decided that the DOSXTRN.ENV file created by SBBS would never have more than 10 environment variables defined in it. I added no bounds checking or dynamic allocation, so if the file contained more than 10 environment variables (and it has since 2002), other stack memory in DOSXTRN would get over-written (classic buffer overflow).

When I recently experimented with adding another environment variable (PCBDIR), all dosxtrn NTVDM instances would crash with a familiar but mysterious error dialog. This bug may have been causing other dosxtrn instances to crash for a long tmie.
I also had an arbitrary limit on the number of command-line arguments, 16, with no bounds-checking, so passing a long list of space-separated arguments could also crash DOSXTRN.

So I've increased both limits to 32 and added bounds checking. I had to break out the old 16-bit MSVC (v1.52) and an NT2K DDK (and remove the 64-bit int stuff from gen_defs.h) to get this thing to build. But here it is. Updated again after all these years. Who'd a thunk.


---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net