1 files changed, 20 insertions, 5 deletions

diff --git a/FICS/comproc.c b/FICS/comproc.c
index b377cc8..a7a5ea1 100644
--- a/FICS/comproc.c
+++ b/FICS/comproc.c
@@ -45,6 +45,8 @@
 						array index read/write.
    Markus Uhlin			25/07/21	com_who: fixed multiplication
 						result converted to larger type.
+   Markus Uhlin			25/07/24	Fixed use of potentially
+						dangerous functions.
 */
 
 #include "stdinclude.h"
@@ -53,6 +55,7 @@
 #include <sys/resource.h>
 
 #include <err.h>
+#include <errno.h>
 
 #include "board.h"
 #include "command.h"
@@ -389,11 +392,18 @@ com_stats_rating(char *hdr, statistics *stats, char *dest, const size_t dsize)
 	    stats->num);
 
 	if (stats->whenbest) {
+		struct tm res = {0};
+
 		snprintf(tmp, sizeof tmp, "   %d", stats->best);
 		strlcat(dest, tmp, dsize);
-		strftime(tmp, sizeof tmp, " (%d-%b-%y)",
-		    localtime((time_t *) &stats->whenbest));
-		strlcat(dest, tmp, dsize);
+
+		errno = 0;
+
+		if (localtime_r(&stats->whenbest, &res) != NULL) {
+			if (strftime(tmp, sizeof tmp, " (%d-%b-%y)", &res) != 0)
+				strlcat(dest, tmp, dsize);
+		} else
+			warn("%s: localtime_r", __func__);
 	}
 
 	if (strlcat(dest, "\n", dsize) >= dsize) {
@@ -583,9 +593,14 @@ com_stats(int p, param_list param)
 	if (connected &&
 	    parray[p1].registered &&
 	    (p == p1 || parray[p].adminLevel > 0)) {
-		char *timeToStr = ctime((time_t *) &parray[p1].timeOfReg);
+		char timeToStr[30] = { '\0' };
+
+		errno = 0;
+
+		if (ctime_r(&parray[p1].timeOfReg, timeToStr) == NULL)
+			warn("%s: ctime_r", __func__);
+		timeToStr[strcspn(timeToStr, "\n")] = '\0';
 
-		timeToStr[strlen(timeToStr) - 1] = '\0';
 		pprintf(p, "\n");
 
 		onTime = ((time(NULL) - parray[p1].logon_time) +