• src/sbbs3/services.c

    From deuce@VERT to CVS commit on Thu Jan 21 07:03:17 2016
    src/sbbs3 services.c 1.289 1.290
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv9401

    Modified Files:
    services.c
    Log Message:
    Initialize the TLS session to -1 when not a TLS service.




    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ telnet://vert.synchro.net
  • From rswindell@VERT to CVS commit on Sun Jan 14 23:23:02 2018
    src/sbbs3 services.c 1.301 1.302
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv7382

    Modified Files:
    services.c
    Log Message:
    Only call get_ssl_cert() when one or more services have TLS/SSL enabled.


    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Sat Feb 17 23:18:07 2018
    src/sbbs3 services.c 1.302 1.303
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv27459

    Modified Files:
    services.c
    Log Message:
    JS login() method:
    Convert up to 128 characters of the passed user name to a string we can use
    and log in case of failure (helps to debug the full actual user name passed to the sevice, e.g. by an IMAP client).


    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From deuce@VERT to CVS commit on Mon Mar 5 16:46:57 2018
    src/sbbs3 services.c 1.308 1.309
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv20120

    Modified Files:
    services.c
    Log Message:
    Remove waits in the services_thread() main loop.

    These waits could cause "bad" traffic (blocked, max client exceeded, etc)
    to prevent/delay accept()ing "good" traffic on other services.




    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From deuce@VERT to CVS commit on Mon Mar 5 21:08:35 2018
    src/sbbs3 services.c 1.309 1.310
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv18728

    Modified Files:
    services.c
    Log Message:
    Don't call get_ssl_cert() until the services thread is up.
    Should fix possible issue with certificate being owned by root when _THREAD_SUID_BROKEN is true (ie: Linux).



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From deuce@VERT to CVS commit on Sat Mar 10 03:34:49 2018
    src/sbbs3 services.c 1.312 1.313
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv19892

    Modified Files:
    services.c
    Log Message:
    Add missing NULL check.




    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Mon Mar 12 00:21:44 2018
    src/sbbs3 services.c 1.315 1.316
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv1850

    Modified Files:
    services.c
    Log Message:
    NNTPS/TLS looks funny. Let's go with a "<svc/prot> TLS" instead.



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Thu Mar 22 18:20:43 2018
    src/sbbs3 services.c 1.317 1.318
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv28533

    Modified Files:
    services.c
    Log Message:
    Bug-fix: JS service calls to random() would return the same sequence on Windows, every time. For example, this resulted in the same BinkP CRAM-MD5 challenge being sent for every mailer session. Fixed by calling sbbs_srand
    in the service's thread, not (just once) in the accept thread.



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From deuce@VERT to CVS commit on Tue Mar 27 23:47:04 2018
    src/sbbs3 services.c 1.319 1.320
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv14225

    Modified Files:
    services.c
    Log Message:
    Fix potential crypt handle leak for TLS services. Destroy the session
    if the thread returns before js_initcx() is called.



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Thu Apr 5 23:18:29 2018
    src/sbbs3 services.c 1.321 1.322
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/home/rswindell/sbbs/src/sbbs3

    Modified Files:
    services.c
    Log Message:
    Enabled GCC-assisted printf-style format/arg checking for lprintf() and
    fix the resulting warnings.



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Sat Oct 6 19:34:37 2018
    src/sbbs3 services.c 1.323 1.324
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv14449

    Modified Files:
    services.c
    Log Message:
    Zero-initialize the allocated subscan array.



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Tue Apr 23 13:31:41 2019
    src/sbbs3 services.c 1.327 1.328
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv1307

    Modified Files:
    services.c
    Log Message:
    Check the relevant service's configured log_level before logging messages
    (e.g. "<service> connection accepted from: <ip_addr> port <num>").
    Some strcpy->SAFECOPY, sprintf->SAFEPRINTF replacements for good measure.



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Thu Aug 8 21:49:19 2019
    src/sbbs3 services.c 1.330 1.331
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv16636

    Modified Files:
    services.c
    Log Message:
    Fix long standing bug with the global JS function login():
    A few *service.js scripts call this function without a password argument
    (the second argument), e.g. login("guest");
    If there was no guest account (or the guest account had a password assigned), this would result in a failed login attempt as "guest" along with a garbage password (e.g. a floating point number, like 3.7042561) and since it would
    be a unique garbage password for each login() call without an actual password specified, these login() calls would be counted as unique failed login attempts and potentially cause the client's IP address to be added to the hack.log
    and even ip.can (IP address filter).

    As seen on Mortifis' system where VERT was filtereed due to
    "SUSPECTED NNTP LOGIN HACK ATTEMPT", likely due to the daily sbbslist verifications when just perform a TCP connection and no actual login attempt, but nntpservice.js would still call login("guest") before the client (vert) would be disconnected.



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From rswindell@VERT to CVS commit on Mon Apr 20 01:43:29 2020
    src/sbbs3 services.c 1.333 1.334
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv20856

    Modified Files:
    services.c
    Log Message:
    Provide detailed socket error descriptions using new socket_strerror() function.


    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to sbbs/master on Sat Sep 26 22:24:35 2020
    https://gitlab.synchro.net/sbbs/sbbs/-/commit/2ec90d7a5e2b30b7f2fcd471
    Modified Files:
    src/sbbs3/services.c
    Log Message:
    Place socket error description at the end of the logged messages.

    Socket error descriptions on Windows can be quite long (e.g. > 128 chars) and include punctuation, so include at the end of logged socket error messages.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sat Feb 20 22:31:34 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/9af56407b142a029bea9ec5c
    Modified Files:
    src/sbbs3/services.c
    Log Message:
    Track client counter per service again

    Add the "two or three lines" that Deuce said were needed to restore this functionality.

    Also got rid of some now unnecessary (void) protected_*int* return value ignoring warning-suppressors.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sun Feb 28 18:22:48 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/452e65d884ccae63634d0cad
    Modified Files:
    src/sbbs3/services.c
    Log Message:
    Fix "clients remain" log line issue introduced in 9af56407

    The service clients count is now a protected int, so deal. On Windows, this was resulting in the "total" and "served" values logged as 4294967295.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sun Feb 28 19:33:05 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/82b99558796630a824a2427e
    Modified Files:
    src/sbbs3/services.c
    Log Message:
    Merge branch 'master' of gitlab.synchro.net:main/sbbs

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sun Apr 4 13:38:22 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/3c911b9105131c6d84f21ce0
    Modified Files:
    src/sbbs3/services.c
    Log Message:
    Fix UDP buffer memory leak when max clients reached

    Caught by Coverity-scan CID 330055

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Mon Apr 5 12:03:56 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/a1f9abb72c2b6e2fb129fedd
    Modified Files:
    src/sbbs3/services.c
    Log Message:
    Set fds to NULL before recycle.

    Likely the cause of the crash that killed cvs.synchro.net last night

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Tue Apr 6 18:37:13 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/112526fe8dc12c84243955c2
    Modified Files:
    src/sbbs3/services.c
    Log Message:
    Include user alias in logged JS error/warning messages

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Tue Mar 1 22:43:08 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/7117b4d8a85474975ea81c78
    Modified Files:
    src/sbbs3/services.c
    Log Message:
    Probably doesn't resolve the Coverity issue

    But good practice anyway

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Wed May 11 00:37:31 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/b293b6e53e751fff783f90c2
    Modified Files:
    src/sbbs3/services.c
    Log Message:
    Allow a per-service "LowestLogLevel" setting

    Have a service (e.g. imapservice.js) that logs errors that you'd rather not fill your error.log file with? Set that service's "LowestLogLevel" to "Warning" in your services.ini file ("lower" means "more severe" when it comes to log levels, so this would set the maximum severity to Warning).

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sun Aug 21 18:35:34 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/9bd552ed13142092f54e2b2b
    Modified Files:
    src/sbbs3/services.c
    Log Message:
    Improve JavaScript-related error messages and fix potential JS runtime leak

    If a new JS context could not be created for any reason, a JS runtime would still be allocated (and leaked), potentially leading to out of memory situations which had been seen (before this change) on vert.synchro.net.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on ChromeOS)@VERT to Git commit to main/sbbs/master on Thu Jan 26 23:45:00 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/4d8bb33e8ffd2e37e5e7b4ba
    Modified Files:
    src/sbbs3/services.c
    Log Message:
    Use XSAFECOPY in place of SAFECOPY to avoid NULL pointer checks

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (in GitKraken)@VERT to Git commit to main/sbbs/master on Sun Mar 12 00:00:02 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/f40e7fbd4471344721a998e9
    Modified Files:
    src/sbbs3/services.c
    Log Message:
    Fix a couple of potential NULL-pointer deferences in js_initcx() failure cases

    service_client->client is NULL in these failure/error cases, so get the protocol string from the service_client->service (which is not NULL) instead.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows)@VERT to Git commit to main/sbbs/master on Mon May 1 12:00:24 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/d057ff6d2d14f5be4e219833
    Modified Files:
    src/sbbs3/services.c
    Log Message:
    Fix valgrind-reported memleak (on recycle), not freeing interfaces string list

    (seeing a pattern here) :-)

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Sun Dec 17 01:14:27 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/41b6e894c55e20e20a4aae64
    Modified Files:
    src/sbbs3/services.c
    Log Message:
    Log client IP address in "Logging in" log message

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Sun Dec 17 01:37:48 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/76706b71762af88781ab5922
    Modified Files:
    src/sbbs3/services.c
    Log Message:
    Fix bug in previous commit: wrong client->addr

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Mon Jan 29 11:42:45 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/5634092ad3f89d6e63fd52d9
    Modified Files:
    src/sbbs3/services.c
    Log Message:
    Fix apparent session leak in services.

    It appears that after successful completion of a JS service, the
    TLS session is never destroyed.

    If this fix isn't valid for #707, we should see a bunch of
    "Destroying a session (...) that's not in sess_list" log messages

    Thanks Keyop!

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Wed Feb 7 14:47:35 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/9c9d6a151e2f7fa2e19305e9
    Modified Files:
    src/sbbs3/services.c
    Log Message:
    Another time_t printf

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net