This line caught my eye: memset(clients[cl]->curdir, '\0', (strlen(clients[cl]->curdir)+1));

This seems to be the only place curdir is initialised. curdir is char[256] which contains garbage until it is initialised, with NO GUARANTEE of a zero byte anywhere in those 256 bytes. So what happens if strlen(curdir) returns, say, 500?
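
The failure mode described above, as an added example that is not part of the original post or the project's code: it checks with a bounded scan whether a strlen-sized memset would stay inside the 256-byte array, and shows an initialisation sized by the array rather than by its contents. The struct client layout, the sock field, the helper names and the 0xAA fill are assumptions made for illustration; only curdir and its size come from the post.

```c
#include <stdio.h>
#include <string.h>

#define CURDIR_SIZE 256            /* curdir is char[256] per the post */

/* Hypothetical stand-in for the client record; only curdir comes from the post. */
struct client {
    char curdir[CURDIR_SIZE];
    int  sock;                     /* hypothetical neighbouring field */
};

/* Index of the first NUL inside the array, or CURDIR_SIZE if there is none.
 * Unlike strlen(), memchr() never reads past the bound it is given. */
static size_t first_nul(const struct client *c)
{
    const char *p = memchr(c->curdir, '\0', sizeof c->curdir);
    return p ? (size_t)(p - c->curdir) : sizeof c->curdir;
}

/* Would memset(curdir, 0, strlen(curdir)+1) stay inside the array?
 * Only if a NUL happens to exist within the 256 bytes. */
static int original_init_in_bounds(const struct client *c)
{
    return first_nul(c) < sizeof c->curdir;
}

/* Bounded initialisation: the length comes from the array size, not its contents. */
static void init_curdir(struct client *c)
{
    memset(c->curdir, '\0', sizeof c->curdir);
}

int main(void)
{
    struct client c;
    memset(&c, 0xAA, sizeof c);    /* constructed "garbage": no zero byte anywhere */
    c.sock = 7;
    printf("original in bounds on garbage: %d\n", original_init_in_bounds(&c));
    c.curdir[3] = '\0';            /* garbage that happens to contain an early NUL */
    printf("original would clear only %zu of %zu bytes\n",
           first_nul(&c) + 1, sizeof c.curdir);
    init_curdir(&c);
    printf("after bounded init: first NUL at %zu, sock=%d\n", first_nul(&c), c.sock);
    return 0;
}
```

Even when a NUL does fall inside the array, the strlen-sized memset clears only the bytes up to it, so the rest of curdir stays uninitialised.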