https://gitlab.synchro.net/main/sbbs/-/commit/bc1ecf0980178ef81c5111c1
Modified Files:
src/sbbs3/mqtt.c
Log Message:
sbbs3 mqtt: escape control bytes in login_attempts payload
The login-failure 'prot' and 'user' fields published to the retained
topic sbbs/<sysid>/host/<host>/login_attempts/<ip> are attacker-
controlled strings. The prior sanitize_field() only replaced tab,
CR, and LF with spaces, leaving NUL, DEL, escape, and high-bit bytes
to leak into the MQTT payload -- and into the terminal of anyone
tailing the topic with mosquitto_sub or similar (terminal-escape
injection risk).
Replace with c_escape_str(..., ctrl_only=true), which renders all
control bytes and high-bit bytes as C-style escapes (\t, \r, \xNN,
\e, etc.). Tab/CR/LF field-separator integrity is preserved as a
side effect since those are also control bytes.
Local prot/user buffers grown to 4*field_size+1 to accommodate the
worst-case \xNN expansion of every source byte.
Co-Authored-By: Claude Opus 4.7 (1M context) <
noreply@anthropic.com>
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net