1. Forum
  2. DOVE-Net
  3. Synchronet Programming

  • src/sbbs3/websrvr.cpp

    From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Friday, December 12, 2025 23:42:12
    https://gitlab.synchro.net/main/sbbs/-/commit/b644e8ea3be1fca6d9f36346
    Modified Files:
    src/sbbs3/websrvr.cpp
    Log Message:
    Resolve GCC warning

    warning: comparison of integer expressions of different signedness: ‘ssize_t’ {aka ‘long int’} and ‘size_t’

    ---
    ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Saturday, December 13, 2025 15:27:56
    https://gitlab.synchro.net/main/sbbs/-/commit/637e4a3d2e0f8367bfdc641c
    Modified Files:
    src/sbbs3/websrvr.cpp
    Log Message:
    Hack to avoid GCC warning (passing string constant, e.g. "", isn't allowed)

    warning: argument 2 null where non-null expected [-Wnonnull]

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Sunday, December 21, 2025 01:25:31
    https://gitlab.synchro.net/main/sbbs/-/commit/d7473b5234deb90d10d3e42c
    Modified Files:
    src/sbbs3/websrvr.cpp
    Log Message:
    Fix warning about too many parenthesis.

    I guess I can't just toss them in the code at random to avoid warnings
    anymore. :(

    ---
    ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Saturday, December 27, 2025 01:17:57
    https://gitlab.synchro.net/main/sbbs/-/commit/c50e5e9536d6796b3d57e18a
    Modified Files:
    src/sbbs3/websrvr.cpp
    Log Message:
    Fix off-by-one bug in size argument passed to strlcpy()

    As noted in strlcpy man page: "a byte for the NUL should be included in size."

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Thursday, February 05, 2026 16:10:03
    https://gitlab.synchro.net/main/sbbs/-/commit/4281523d6b7b0d41514ac7ff
    Modified Files:
    src/sbbs3/websrvr.cpp
    Log Message:
    If VHOSTS and ONE_HTTP_LOG options are enabled, log VHOST instead of HOST value

    As suggested in the Virtual Hosts section of https://httpd.apache.org/docs/2.4/logs.html, replacing the first argument
    with the vhost value makes the (single/combined) log file output more useful with virtual hosts.

    This is to address issue #1062

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Thursday, February 05, 2026 20:24:44
    https://gitlab.synchro.net/main/sbbs/-/commit/f3cae23fec4fe6dee108db25
    Modified Files:
    src/sbbs3/websrvr.cpp
    Log Message:
    Fix likely harmless typo in previous commit

    caught via GCC warning: operation on ‘host’ may be undefined

    ---
    ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Friday, February 06, 2026 21:35:09
    https://gitlab.synchro.net/main/sbbs/-/commit/52e1ee602a8a3f6439e168e3
    Modified Files:
    src/sbbs3/websrvr.cpp
    Log Message:
    Enable periodic cleanup and logging of the rate-limiting status

    ... using debug-level log messages.

    Ideally these details would be reported via MQTT (instead or in addition)

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Sunday, February 08, 2026 22:34:34
    https://gitlab.synchro.net/main/sbbs/-/commit/5778df870947ebf898c48d13
    Modified Files:
    src/sbbs3/websrvr.cpp
    Log Message:
    Revert "If VHOSTS and ONE_HTTP_LOG options are enabled, log VHOST instead of HOST value"

    This reverts commit 4281523d6b7b0d41514ac7ff52a999292c9d2d26.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Thursday, February 12, 2026 01:16:47
    https://gitlab.synchro.net/main/sbbs/-/commit/511ea86a92674be9e91acbc2
    Modified Files:
    src/sbbs3/websrvr.cpp
    Log Message:
    The Refer [sic] and User-agent custom log format directives need NULL protect

    These pointers can be null or blank, so do the CLF '-' thing

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Thursday, February 12, 2026 01:22:23
    https://gitlab.synchro.net/main/sbbs/-/commit/d7a5b7e1dd969e9972e1a41e
    Modified Files:
    src/sbbs3/websrvr.cpp
    Log Message:
    The Custom Log Format directives are case-sensitive (%h != %H)

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Monday, February 16, 2026 21:09:27
    https://gitlab.synchro.net/main/sbbs/-/commit/b210bfee35785deaeb57abdb
    Modified Files:
    src/sbbs3/websrvr.cpp
    Log Message:
    Add %p (server port) to custom log format supported directives

    <nelgin> DigitalMan would you mind implementing %p for server port please.
    The apache vhost combined logfile uses it.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Tuesday, February 24, 2026 16:28:36
    https://gitlab.synchro.net/main/sbbs/-/commit/fd0b9d2bc21b13fa9840e190
    Modified Files:
    src/sbbs3/websrvr.cpp
    Log Message:
    Remove (long-deprecated) access.ars file support (use webctrl.ini instead)

    Fix issue #1083

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Sunday, March 08, 2026 05:28:49
    https://gitlab.synchro.net/main/sbbs/-/commit/0c0cb7c473285ab8c71f209a
    Modified Files:
    src/sbbs3/websrvr.cpp
    Log Message:
    Allocate extra byte for NUL-terminator in read_post_data()

    This looks like an off-by-one bug in this one call to realloc(), not adding one for the NUL terminator in this case.

    Potential cause of issue #1094

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Sunday, March 08, 2026 20:47:44
    https://gitlab.synchro.net/main/sbbs/-/commit/07ed41c51fd336b9d7c5d9b4
    Modified Files:
    src/sbbs3/websrvr.cpp
    Log Message:
    Add NUL to end of post data file

    ---
    ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Wednesday, May 06, 2026 19:41:53
    https://gitlab.synchro.net/main/sbbs/-/commit/3ad3f0282bcff37fa1926121
    Modified Files:
    src/sbbs3/websrvr.cpp
    Log Message:
    websrvr: cast away two best-effort unchecked returns (CIDs 639932, 639941)

    CID 639932: remove(cleanup_file[i]) in close_request — best-effort
    cleanup of temporary request files; failure is benign.
    CID 639941: setsockopt(TCP_NODELAY) in http_session_thread — latency
    hint; failure is non-fatal. Also widen the bool nodelay to
    int so it has correct setsockopt() type.

    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

    ---
    ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Wednesday, May 06, 2026 19:41:53
    https://gitlab.synchro.net/main/sbbs/-/commit/62b41cd33f2fa4292d83710d
    Modified Files:
    src/sbbs3/websrvr.cpp
    Log Message:
    websrvr: handle getuserdat failures in http_logon and check_ars (CIDs 516407, 516410, 639949)

    Both call sites set user.number then read the rest of the user record
    via getuserdat(). On read failure the user struct was left partially
    populated, then used for password comparison or downstream session
    state. Treat the failure as a system error: log it and either fall
    back to an unauthenticated session (http_logon) or reject the auth
    attempt (check_ars).

    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Wednesday, May 06, 2026 19:41:53
    https://gitlab.synchro.net/main/sbbs/-/commit/65d46495860f18fb2c9a5882
    Modified Files:
    src/sbbs3/websrvr.cpp
    Log Message:
    websrvr: suppress send_error ORDER_REVERSAL false-positive (CID 631137)

    Coverity reports an ORDER_REVERSAL between link_list.mutex and
    jsrt_mutex when http_session_thread calls send_error() in the
    client-limit branches. The link_list helpers in this thread
    (loginAttempts, client_on, listCountMatches) acquire+release their
    list mutex internally — nothing holds a list mutex when send_error
    runs js_setup() which acquires jsrt_mutex. Annotate both 503/429
    send_error sites with a SUPPRESS plus rationale.

    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

    ---
    ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Wednesday, May 06, 2026 22:36:57
    https://gitlab.synchro.net/main/sbbs/-/commit/6ad832522da440e614b8fcdf
    Modified Files:
    src/sbbs3/websrvr.cpp
    Log Message:
    websrvr: clamp tls_sent and explicit cast in sess_sendbuf return (CID 639935)

    The TLS path assigns 'result = tls_sent' where tls_sent is int and
    could theoretically be negative on cryptlib edge cases. Adding it
    to size_t 'sent' would underflow. Guard with 'if (result > 0)'.

    Also make the size_t-to-int returns explicit casts so Coverity sees
    the narrowing is intentional.

    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Wednesday, May 06, 2026 22:51:40
    https://gitlab.synchro.net/main/sbbs/-/commit/c7df44f17c494f7277ac112e
    Modified Files:
    src/sbbs3/websrvr.cpp
    Log Message:
    websrvr: skip getuserdat for anonymous sessions in http_logon

    Regression from 9e7649fe0: when http_logon is called with usr=NULL
    on an anonymous request (session->user.number == 0), getuserdat
    legitimately fails because user 0 doesn't exist, which now spams
    the log with '!ERROR reading user #0 data' on every anon hit.

    Only call getuserdat when there's an actual user number to read.

    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Wednesday, May 06, 2026 23:04:20
    https://gitlab.synchro.net/main/sbbs/-/commit/c94f75aa58112c228a8cdce9
    Modified Files:
    src/sbbs3/websrvr.cpp
    Log Message:
    websrvr: include protocol, IP, request, and ARS in no-auth log

    The "!No authentication information" debug log line now reports the
    protocol, client address, request line, and the ARS string that triggered
    the auth requirement, so it's actionable when WEB_OPT_DEBUG_RX is on.

    Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net