author | Markus Uhlin <markus@nifty-networks.net> | 2025-03-16 16:54:32 +0100 |
---|---|---|
committer | Markus Uhlin <markus@nifty-networks.net> | 2025-03-16 16:54:32 +0100 |
commit | 030ec752c8ad5cad4b6a8b41893274cdb17b692a (patch) | |
tree | a1bec4c2e8385185bc306134c13ece10666ee547 /FICS | |
parent | c46b944ce8560f0a04630851c3b5998089e9b0ce (diff) |
Fixed untrusted array index in plogins()
Diffstat (limited to 'FICS')
-rw-r--r-- | FICS/comproc.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/FICS/comproc.c b/FICS/comproc.c
index bad24c8..089f1b8 100644
--- a/FICS/comproc.c
+++ b/FICS/comproc.c
@@ -742,9 +742,10 @@ plogins(int p, char *fname)
 FILE *fp = NULL;
 char ipstr[20] = { '\0' };
 char loginName[MAX_LOGIN_NAME + 1] = { '\0' };
- int inout, registered;
+ int registered = 0;
 long int lval = 0;
 time_t tval = 0;
+ uint16_t inout = 0;
 if ((fp = fopen(fname, "r")) == NULL) {
 pprintf(p, "Sorry, no login information available.\n");
@@ -755,7 +756,7 @@ plogins(int p, char *fname)
 _Static_assert(19 < ARRAY_SIZE(loginName), "'loginName' too small");
 while (!feof(fp)) {
- if (fscanf(fp, "%d %19s %ld %d %19s\n", &inout, loginName,
+ if (fscanf(fp, "%hu %19s %ld %d %19s\n", &inout, loginName,
 &lval, ®istered, ipstr) != 5) {
 fprintf(stderr, "FICS: Error in login info format. " "%s\n", fname);
@@ -765,8 +766,13 @@ plogins(int p, char *fname)
 tval = lval;
- pprintf(p, "%s: %-17s %-6s", strltime(&tval), loginName,
- inout_string[inout]);
+ if (inout >= ARRAY_SIZE(inout_string)) {
+ warnx("%s: %s: 'inout' too large (%u)", __func__, fname,
+ inout);
+ } else {
+ pprintf(p, "%s: %-17s %-6s", strltime(&tval), loginName,
+ inout_string[inout]);
+ }
 if (parray[p].adminLevel > 0) pprintf(p, " from %s\n", ipstr); |
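Review bot: The `%hu` conversion in the second hunk expects an `unsigned short *`, while the first hunk declares `inout` as `uint16_t`; the two coincide on common platforms, but the portable spelling is `"%" SCNu16` from `<inttypes.h>`, or simply `unsigned short inout = 0;`. The scanf family also accepts a leading minus sign for unsigned conversions, so a record such as `-1` is typically read as a large value rather than rejected, which means the bounds check added in the third hunk is the only thing keeping file contents from indexing past `inout_string`. A short comment above the `fscanf` call, for example `/* 'inout' is read from the log file and must be range-checked before indexing inout_string */`, would record that dependency for the next maintainer.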
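Review bot: In the third hunk the out-of-range branch only calls `warnx()` and then falls through to the `if (parray[p].adminLevel > 0)` context line, so for a malformed record an admin still receives the trailing ` from <ip>` fragment without the timestamp and login name that normally precede it. Adding `continue;` after the `warnx(...)` call skips the rest of the record, or the record could be handled like the `fscanf` format error earlier in the loop. The remainder of the loop body, including whatever the non-admin path prints, lies outside the hunk, so confirm nothing after this point must still run for a skipped record.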