home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
The Devil's Doorknob BBS Capture (1996-2003)
/
devilsdoorknobbbscapture1996-2003.iso
/
Dloads
/
WWIVMODS
/
MODSUNKN.ZIP
/
HACKFIX2.MOD
< prev
next >
Wrap
Text File
|
1990-07-23
|
3KB
|
105 lines
Bad Dude #1 @9981
Thu Jul 19 09:44:56 1990
7Regarding 2: 1BUG FIX 6BUG FIX 7 BUG FIX 3 BUG FIX 7<2Zimmod 77>
7Written By2: 1Zimmion #1 @3131
Mod Name : Fix dangerous Zmodem backdoor bug v1.0
Mod Filename : FIXBDOOR.MOD
Mod Author : Parker Prospect #1 @9964
Mod Description : Many WWIV sysops don't know about this, but if you run a
copy of unregistered DSZ, then you can be subjected to a dangerous backdoor
to WWIV. All a user has to do is enter "????????.???" as a filename, and
then he can batch upload DIRECTLY TO YOUR MAIN BBS DIRECTORY!! This means
he can overwrite BBS.EXE, NETWORK.EXE, and other important files such as
CONFIG.DAT. This mod simply corrects the problem by not allowing wildcards
to be used on the upload filename prompt line.
NOTE: I realize this fix has been done before, but I wanted to do it again
to let new WWIV sysops be informed of this problem, and also I did it
because I couldn't find the older mod.
************** Legend **************
* %% Delete Line *
* -- Search for Line, DON'T CHANGE *
* ++ Add Line *
* -+ Modify Line *
* ## Line is part of another mod *
************************************
------------------------------------------------------------------------
Step #1 <XFER.C>: Add the following code immediately after int okfn.
int okfn1(char *s)
{
int i,l,ok;
unsigned char ch;
ok=1;
l=strlen(s);
for (i=0; i<l; i++) {
ch=s[i];
if ((ch==' ') || (ch=='/') || (ch=='\\') || (ch==':') ||
(ch=='>') || (ch=='<') || (ch=='|') || (ch=='+') ||
(ch==',') || (ch==';') || (ch > 126) || (ch=='?') ||
(ch=='*'))
ok=0;
}
return(ok);
}
------------------------------------------------------------------------
Step #2 <XFER.C>: Add/modify the follow code in void upload.
-- closedl();
-- return;
-- }
-- prt(2,"Filename: ");
-- input(s,12);
-+ if (!okfn1(s))
-- s[0]=0;
-- align(s);
-- strcpy(u.filename,s);
-- u.ownerusr=usernum;
------------------------------------------------------------------------
Step #3 <FCNS.H>: Add the following line.
-- double freek1(char *s);
-- int exist(char *s);
-- void add_ass(int i, char *ss);
-- /* File: xfer.c */
-- int okfn(char *s);
-- int okfn1(char * s);
-- void get_arc_cmd(char *out, char *arcfn, int cmd, char *ofn);
-- int list_arc_out(char *fn, char *dir);
-- void list_temp_arc();
------------------------------------------------------------------------
Final Step
Compile the BBS and update your menus to reflect the changes you made...
------------------------------------------------------------------------
Disclaimer
I, Jeff Garzik, claim no liability for this mod, or for any damage that
may have resulted from the use of this mod. I also attach no warranty,
expressed OR implied, to this product. This type of warranty and
liability disclaimer is prohibited by law in certain states, and is
therefore void in those states.
If you like this mod, you can call my board at:
The East Carolina Connection
919-756-2939 :::: 2400 baud MNP level 4
24hrs a day -- 7 days a week
Autovalidation of WWIV sysops (first call)
Thanks to Wayne Bell for writing such great software!