• src/sbbs3/mqtt.c

    From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Sunday, May 03, 2026 20:31:55
    https://gitlab.synchro.net/main/sbbs/-/commit/bc1ecf0980178ef81c5111c1
    Modified Files:
    src/sbbs3/mqtt.c
    Log Message:
    sbbs3 mqtt: escape control bytes in login_attempts payload

    The login-failure 'prot' and 'user' fields published to the retained
    topic sbbs/<sysid>/host/<host>/login_attempts/<ip> are attacker-
    controlled strings. The prior sanitize_field() only replaced tab,
    CR, and LF with spaces, leaving NUL, DEL, escape, and high-bit bytes
    to leak into the MQTT payload -- and into the terminal of anyone
    tailing the topic with mosquitto_sub or similar (terminal-escape
    injection risk).

    Replace with c_escape_str(..., ctrl_only=true), which renders all
    control bytes and high-bit bytes as C-style escapes (\t, \r, \xNN,
    \e, etc.). Tab/CR/LF field-separator integrity is preserved as a
    side effect since those are also control bytes.

    Local prot/user buffers grown to 4*field_size+1 to accommodate the
    worst-case \xNN expansion of every source byte.

    Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
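
The escaping described in the first commit message above, as an added example; it is not Synchronet's code and not the implementation of c_escape_str(). The helper name `escape_ctrl_bytes`, its return convention, its treatment of backslash and the sample login field are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Synchronet's c_escape_str(): copies src[0..len)
 * to dst, rendering control bytes, DEL and high-bit bytes as C-style escapes.
 * Printable ASCII (backslash included) is copied unchanged (assumption).
 * dst must hold 4*len+1 bytes: the worst case is one \xNN per source byte.
 * Returns the escaped length, or (size_t)-1 if dst is too small. */
size_t escape_ctrl_bytes(const unsigned char *src, size_t len,
                         char *dst, size_t dstsz)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0;

    if (dstsz == 0 || len > (dstsz - 1) / 4)
        return (size_t)-1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = src[i];
        char letter = 0;
        switch (c) {
            case '\t': letter = 't'; break;
            case '\r': letter = 'r'; break;
            case '\n': letter = 'n'; break;
            case 0x1B: letter = 'e'; break; /* ESC */
        }
        if (letter) {
            dst[o++] = '\\';
            dst[o++] = letter;
        } else if (c < 0x20 || c >= 0x7F) {
            dst[o++] = '\\';
            dst[o++] = 'x';
            dst[o++] = hex[c >> 4];
            dst[o++] = hex[c & 0x0F];
        } else {
            dst[o++] = (char)c;
        }
    }
    dst[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample: a login "user" field carrying ESC[2J (clear
     * screen), NUL, DEL, a high-bit byte and a tab. */
    static const unsigned char user[] = "root\x1b[2J\x00\x7f\xff\tend";
    char safe[4 * (sizeof(user) - 1) + 1];
    escape_ctrl_bytes(user, sizeof(user) - 1, safe, sizeof(safe));
    puts(safe);
    return 0;
}
```

The length is passed explicitly so that an embedded NUL is escaped rather than silently truncating the field.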
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Wednesday, May 06, 2026 22:36:57
    https://gitlab.synchro.net/main/sbbs/-/commit/77a712c064189539e761b224
    Modified Files:
    src/sbbs3/mqtt.c
    Log Message:
    mqtt: cast putnmsg to void in mqtt_message_received (CID 469140)

    The MQTT bridge forwards an inbound payload to the node; if delivery
    fails (node not running, etc.) there's nothing useful for the MQTT
    callback to do with the error. Make the discarded return explicit.

    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

  • From Deuce@VERT to Git commit to main/sbbs/master on Thursday, May 07, 2026 02:03:23
    https://gitlab.synchro.net/main/sbbs/-/commit/fb788069b14684762744d5de
    Modified Files:
    src/sbbs3/mqtt.c
    Log Message:
    mqtt.c: fix server state not published correctly on connect

    mqtt_server_state() only updated mqtt->server_state inside the publish
    block, so when mqtt->connected was false (race between synchronous
    TCP connect and async CONNACK callback), the state transition was
    lost. Move the state update before the publish so it's always tracked.

    mqtt_server_startup() hardcoded SERVER_INIT, overwriting the real state
    if the MQTT connect callback fired after the server had already
    transitioned to SERVER_READY. Use mqtt->server_state instead.

    On reconnect (server_version is NULL), re-publish the current state
    so the broker has the correct retained server-level status.

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
