diff options
| author | Markus Uhlin <markus@nifty-networks.net> | 2026-04-03 16:06:15 +0200 |
|---|---|---|
| committer | Markus Uhlin <markus@nifty-networks.net> | 2026-04-03 16:06:15 +0200 |
| commit | 9ad6443ad05673ded4d02e1f9a94e322f2992f0f (patch) | |
| tree | 8399bc98a9c98e9f2838833f01070c76296c20d4 | |
| parent | 0615675085f9cf65bd3918b5b3d68e05bc68b48c (diff) | |
com_news: handle snprintf() truncation
| -rw-r--r-- | FICS/comproc.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/FICS/comproc.c b/FICS/comproc.c index 0425828..0751f24 100644 --- a/FICS/comproc.c +++ b/FICS/comproc.c @@ -284,8 +284,13 @@ com_news(int p, param_list param) * File exists - show it */ - snprintf(filename, sizeof filename, "%s/news.%s", news_dir, - param[0].val.word); + ret = snprintf(filename, sizeof filename, "%s/news.%s", + news_dir, param[0].val.word); + + if (is_too_long(ret, sizeof filename)) { + warnx("%s: fatal: too long filename", __func__); + return COM_OK; + } if ((fp = fopen(filename, "r")) == NULL) { pprintf(p, "No more info.\n"); @@ -297,9 +302,14 @@ com_news(int p, param_list param) return COM_OK; } - snprintf(filename, sizeof filename, "news.%s", + ret = snprintf(filename, sizeof filename, "news.%s", param[0].val.word); + if (is_too_long(ret, sizeof filename)) { + warnx("%s: fatal: too long filename", __func__); + return COM_OK; + } + if (psend_file(p, news_dir, filename) < 0) { pprintf(p, "Internal error - couldn't send news file!" "\n"); |