Here is a memory leak/index crash. In read_from_buffer() in comm.c there are the following statements using an index into the inbuf array:

d->inbuf[i]

There are no checks to make sure that the reading does not go over the input length (1024). There are various for loops that do NOT check for looping outside the limit. In running the code under a memory debugger I discovered that certain characters can cause read_from_buffer to jump forward, and I was getting index values in the 25 thousand range. By blocking the loops and preventing the index value from ever going over the input length, I have prevented any issues from this.

I will not post the read_from_buffer() that I have, as it has things like ANSI detection, MCCP, etc. I leave it to you to make of this what you will.

Chris "Winston" Litchfield
Owner: The Mage's Lair Mud
www.mageslair.net
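
The fix described in the post, sketched as an added example that is not the poster's code or the original comm.c: every loop over inbuf tests the index against the array length before the element is read. The names struct desc, read_line_bounded and LINE_LEN, and the sample input, are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define INBUF_LEN 1024 /* input length given in the post */
#define LINE_LEN  256  /* assumed size of the extracted command */

struct desc {          /* hypothetical stand-in for the descriptor */
    char inbuf[INBUF_LEN];
    char incomm[LINE_LEN];
};

/* Move one line from inbuf to incomm. Returns 1 if a line was extracted,
 * 0 if no complete line is buffered, -1 if inbuf was full with no newline. */
int read_line_bounded(struct desc *d)
{
    size_t i, end, k = 0;
    /* Scan for end of line; stop at NUL or at the end of the array. */
    for (end = 0; end < INBUF_LEN && d->inbuf[end] != '\0'; end++)
        if (d->inbuf[end] == '\n' || d->inbuf[end] == '\r')
            break;
    if (end == INBUF_LEN) {            /* checked before inbuf[end] is read */
        memset(d->inbuf, 0, INBUF_LEN);
        return -1;                     /* unterminated input is discarded */
    }
    if (d->inbuf[end] == '\0')
        return 0;
    /* Copy printable bytes only, truncating to fit incomm. */
    for (i = 0; i < end; i++) {
        unsigned char c = (unsigned char)d->inbuf[i];
        if (c >= 0x20 && c < 0x7f && k < LINE_LEN - 1)
            d->incomm[k++] = (char)c;
    }
    d->incomm[k] = '\0';
    /* Skip the terminator run; the index test comes first in the condition. */
    for (i = end; i < INBUF_LEN && (d->inbuf[i] == '\n' || d->inbuf[i] == '\r'); i++)
        ;
    /* Shift the rest down and zero the tail so inbuf stays NUL-terminated. */
    memmove(d->inbuf, d->inbuf + i, INBUF_LEN - i);
    memset(d->inbuf + (INBUF_LEN - i), 0, i);
    return 1;
}

int main(void)
{
    struct desc d = {0};
    strcpy(d.inbuf, "look\r\nsay hi");      /* constructed sample input */
    int r = read_line_bounded(&d);
    printf("%d [%s] rest=[%s]\n", r, d.incomm, d.inbuf);
}
```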

