authorMarkus Uhlin <markus@nifty-networks.net>2025-03-16 16:54:32 +0100
committerMarkus Uhlin <markus@nifty-networks.net>2025-03-16 16:54:32 +0100
commit030ec752c8ad5cad4b6a8b41893274cdb17b692a (patch)
treea1bec4c2e8385185bc306134c13ece10666ee547 /FICS
parentc46b944ce8560f0a04630851c3b5998089e9b0ce (diff)
Fixed untrusted array index in plogins()
Diffstat (limited to 'FICS')
-rw-r--r--FICS/comproc.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/FICS/comproc.c b/FICS/comproc.c
index bad24c8..089f1b8 100644
--- a/FICS/comproc.c
+++ b/FICS/comproc.c
@@ -742,9 +742,10 @@ plogins(int p, char *fname)
FILE *fp = NULL;
char ipstr[20] = { '\0' };
char loginName[MAX_LOGIN_NAME + 1] = { '\0' };
- int inout, registered;
+ int registered = 0;
long int lval = 0;
time_t tval = 0;
+ uint16_t inout = 0;
if ((fp = fopen(fname, "r")) == NULL) {
pprintf(p, "Sorry, no login information available.\n");
@@ -755,7 +756,7 @@ plogins(int p, char *fname)
_Static_assert(19 < ARRAY_SIZE(loginName), "'loginName' too small");
while (!feof(fp)) {
- if (fscanf(fp, "%d %19s %ld %d %19s\n", &inout, loginName,
+ if (fscanf(fp, "%hu %19s %ld %d %19s\n", &inout, loginName,
&lval, &registered, ipstr) != 5) {
fprintf(stderr, "FICS: Error in login info format. "
"%s\n", fname);
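Review bot: `%hu` on the new `fscanf` line stores through an `unsigned short *`, while `inout` is declared `uint16_t` in the first hunk; the portable spelling is `SCNu16` from `<inttypes.h>`. Narrowing the field also weakens the bounds check added in the last hunk: a number in the log file that does not fit in 16 bits is undefined behaviour for `fscanf`, and implementations commonly truncate it, so a corrupt value such as 65536 can come back as a valid index and be shown under the wrong label. Reading into a wider type and rejecting anything outside the table keeps the check meaningful, e.g. keep `int inout` with `%d` and test `inout < 0 || (size_t)inout >= ARRAY_SIZE(inout_string)`. The `while (!feof(fp))` loop and the rest of `plogins()` lie outside this hunk.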
@@ -765,8 +766,13 @@ plogins(int p, char *fname)
tval = lval;
- pprintf(p, "%s: %-17s %-6s", strltime(&tval), loginName,
- inout_string[inout]);
+ if (inout >= ARRAY_SIZE(inout_string)) {
+ warnx("%s: %s: 'inout' too large (%u)", __func__, fname,
+ inout);
+ } else {
+ pprintf(p, "%s: %-17s %-6s", strltime(&tval), loginName,
+ inout_string[inout]);
+ }
if (parray[p].adminLevel > 0)
pprintf(p, " from %s\n", ipstr);
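Review bot: The new out-of-range branch logs with `warnx` and then falls through to the `parray[p].adminLevel` test, so for a rejected record an admin is still sent ` from <ip>` without the timestamp and login name that normally precede it. Ending the iteration there avoids the orphaned fragment: add `continue;` after the `warnx(...)` call, after which the `else` is no longer needed. `inout` is promoted to `int` when passed to `warnx`, so the `%u` argument should be written `(unsigned int)inout`. The loop body continues past the end of this hunk, so what non-admin players receive for a rejected record is not visible here.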