1. Forum
  2. FidoNet
  3. FIDOSOFT.HUSKY

  • HPT Bug: Corrupted packets not rejected due to missing date validation

    From Stephen Walsh@3:633/280 to All on Fri Oct 10 10:38:04 2025
    Hi Husky developers,

    I've discovered a bug in HPT where packets with corrupted/empty message date fields are not properly rejected and renamed to .bad as they should be.

    PROBLEM DESCRIPTION:
    ===================
    When processing packets, HPT reads the 20-byte datetime field from each
    message header (pktread.c:771) and calls parse_ftsc_date() to parse it
    (line 777). However, the return value from parse_ftsc_date() is ignored.

    The parse_ftsc_date() function returns flag_t values indicating:
    - FTSC_BROKEN (2) - field cannot be parsed
    - FTSC_FLAWY (1) - field has correctable errors
    - FTSC_TS_BROKEN (128) - timestamp broken but date OK

    Currently, even when parse_ftsc_date() returns FTSC_BROKEN, the badmsg
    counter is not incremented, so the packet is not renamed to .bad and
    continues to be processed.

    REAL-WORLD IMPACT:
    ==================
    I encountered a packet in the wild (from 2:341/66) that contains:
    - Message 3: Empty date field (0 bytes)
    - Message 4: Invalid date field (1 byte: '0')

    The bad packet can be obtained at: https://vk3heg.net/badpkt.zip

    HPT processed this packet instead of rejecting it.

    PROPOSED FIX:
    =============
    After calling parse_ftsc_date(), check if the FTSC_BROKEN flag is set and increment badmsg accordingly. This ensures corrupted packets are properly renamed to .bad.

    Patch attached below. Please review and consider applying to the codebase.

    --- hpt/src/pktread.c.orig 2025-10-09 10:00:00.000000000 +1100
    +++ hpt/src/pktread.c 2025-10-09 10:05:00.000000000 +1100
    @@ -734,6 +734,7 @@
    {
    s_message * msg;
    size_t len;
    + flag_t date_flags;
    int badmsg = 0;
    struct tm tm;
    long unread;
    @@ -774,7 +775,16 @@
    }

    msg->datetime[20] = 0; /* ensure it's null-terminated */
    - parse_ftsc_date(&tm, (char *)msg->datetime);
    + date_flags = parse_ftsc_date(&tm, (char *)msg->datetime);
    +
    + /* Check if the date field is broken and cannot be parsed */
    + if(date_flags & FTSC_BROKEN)
    + {
    + w_log(LL_ERR,
    + "wrong msg header: datetime field is broken ('%s')",
    + msg->datetime);
    + badmsg++;
    + }

    /* val: make_ftsc_date((char*)msg->datetime, &tm); */
    if(globalBuffer == NULL)

    TESTING:
    ========
    With this patch applied, packets with broken date fields will be properly rejected and renamed to .bad instead of being processed.

    Be