Check integer upper bounds

author: Markus Uhlin <markus@nifty-networks.net> 2025-04-05 13:27:04 +0200
committer: Markus Uhlin <markus@nifty-networks.net> 2025-04-05 13:27:04 +0200
commit: 890dfc4460d4e971836cf5ebcd7e262167d8277b (patch)
tree: 198ab8839e039b3efde9fb5d00c7302c19698e1c /FICS
parent: 0c8edb2939d5359266bb00cb5ec6f8cfe3d8fef4 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/FICS/playerdb.c b/FICS/playerdb.c
index 18c3188..08c4689 100644
--- a/FICS/playerdb.c
+++ b/FICS/playerdb.c
@@ -972,6 +972,9 @@ got_attr_value_player(int p, char *attr, char *value, FILE *fp, char *file)
 		if ((i = atoi(value)) < 0) {
 			warnx("%s: num censor negative", __func__);
 			return -1;
+		} else if (i > MAX_CENSOR) {
+			warnx("%s: num censor too large", __func__);
+			return -1;
 		}
 
 		while (i--) {
@@ -994,6 +997,9 @@ got_attr_value_player(int p, char *attr, char *value, FILE *fp, char *file)
 		if ((i = atoi(value)) < 0) {
 			warnx("%s: num notify negative", __func__);
 			return -1;
+		} else if (i > MAX_NOTIFY) {
+			warnx("%s: num notify too large", __func__);
+			return -1;
 		}
 
 		while (i--) {
author	Markus Uhlin <markus@nifty-networks.net>	2025-04-05 13:27:04 +0200
committer	Markus Uhlin <markus@nifty-networks.net>	2025-04-05 13:27:04 +0200
commit	890dfc4460d4e971836cf5ebcd7e262167d8277b (patch)
tree	198ab8839e039b3efde9fb5d00c7302c19698e1c /FICS
parent	0c8edb2939d5359266bb00cb5ec6f8cfe3d8fef4 (diff)