1 files changed, 26 insertions, 21 deletions

diff --git a/FICS/comproc.c b/FICS/comproc.c
index 9cac9e2..1cea82b 100644
--- a/FICS/comproc.c
+++ b/FICS/comproc.c
@@ -180,8 +180,7 @@ com_news(int p, param_list param)
 	if (is_too_long(ret, sizeof filename)) {
 		warnx("%s: fatal: too long filename", __func__);
 		return COM_OK;
-	}
-	if ((fp = fopen(filename, "r")) == NULL) {
+	} else if ((fp = fopen(filename, "r")) == NULL) {
 		(void) fprintf(stderr, "Can\'t find news index.\n");
 		return COM_OK;
 	}
@@ -284,22 +283,28 @@ com_news(int p, param_list param)
 		 * File exists - show it
 		 */
 
-		snprintf(filename, sizeof filename, "%s/news.%s", news_dir,
-		    param[0].val.word);
+		ret = snprintf(filename, sizeof filename, "%s/news.%s",
+		    news_dir, param[0].val.word);
 
-		if ((fp = fopen(filename, "r")) == NULL) {
+		if (is_too_long(ret, sizeof filename)) {
+			warnx("%s: fatal: too long filename", __func__);
+			return COM_OK;
+		} else if ((fp = fopen(filename, "r")) == NULL) {
 			pprintf(p, "No more info.\n");
 			return COM_OK;
-		}
-
-		if (fclose(fp) != 0) {
+		} else if (fclose(fp) != 0) {
 			warn("%s: error: fclose", __func__);
 			return COM_OK;
 		}
 
-		snprintf(filename, sizeof filename, "news.%s",
+		ret = snprintf(filename, sizeof filename, "news.%s",
 		    param[0].val.word);
 
+		if (is_too_long(ret, sizeof filename)) {
+			warnx("%s: fatal: too long filename", __func__);
+			return COM_OK;
+		}
+
 		if (psend_file(p, news_dir, filename) < 0) {
 			pprintf(p, "Internal error - couldn't send news file!"
 			    "\n");
@@ -381,19 +386,19 @@ FindPlayer(int p, char *name, int *p1, int *connected)
 }
 
 PRIVATE void
-com_stats_andify(int *numbers, int howmany, char *dest, size_t dsize)
+com_stats_andify(int *numbers, int p_howmany, char *dest, size_t dsize)
 {
 	char tmp[10] = { '\0' };
 
 	*dest = '\0';
 
-	while (howmany--) {
-		snprintf(tmp, sizeof tmp, "%d", numbers[howmany]);
+	while (p_howmany--) {
+		snprintf(tmp, sizeof tmp, "%d", numbers[p_howmany]);
 		strlcat(dest, tmp, dsize);
 
-		if (howmany > 1)
+		if (p_howmany > 1)
 			strlcpy(tmp, ", ", sizeof tmp);
-		else if (howmany == 1)
+		else if (p_howmany == 1)
 			strlcpy(tmp, " and ", sizeof tmp);
 		else
 			strlcpy(tmp, ".\n", sizeof tmp);
@@ -447,7 +452,7 @@ com_stats(int p, param_list param)
 	char		 line[255] = { '\0' };
 	char		 tmp[255] = { '\0' };
 	int		 g, i, t;
-	int		 numbers[NUMBERS_SIZE];
+	int		 numbers[NUMBERS_SIZE] = {0};
 	int		 onTime;
 	int		 p1, connected;
 
@@ -676,7 +681,7 @@ com_password(int p, param_list param)
 {
 	char	*oldpassword = param[0].val.word;
 	char	*newpassword = param[1].val.word;
-	char	 salt[FICS_SALT_SIZE];
+	char	 salt[FICS_SALT_SIZE] = { '\0' };
 
 	if (!parray[p].registered) {
 		pprintf(p, "Setting a password is only for registered players."
@@ -1285,9 +1290,9 @@ com_who(int p, param_list param)
 	float		 stop_perc = 1.0;
 	int		 i, len;
 	int		 p1, count, num_who;
-	int		 plist[PARRAY_SIZE];
+	int		 plist[PARRAY_SIZE] = {0};
 	int		 sort_type = blitz_rat;
-	int		 sortlist[PARRAY_SIZE];
+	int		 sortlist[PARRAY_SIZE] = {0};
 	int		 startpoint;
 	int		 stoppoint;
 	int		 style = 0;
@@ -1839,7 +1844,7 @@ com_help(int p, param_list param)
 PUBLIC int
 com_info(int p, param_list param)
 {
-	char	*filenames[1000];
+	char	*filenames[1000] = { NULL };
 	int	 n;
 
 	// XXX: unused
@@ -2030,8 +2035,8 @@ com_mailhelp(int p, param_list param)
 PUBLIC int
 com_handles(int p, param_list param)
 {
-	char	*buffer[1000];
-	char	 pdir[MAX_FILENAME_SIZE];
+	char	*buffer[1000] = { NULL };
+	char	 pdir[MAX_FILENAME_SIZE] = { '\0' };
 	int	 count;
 
 	snprintf(pdir, sizeof pdir, "%s/%c", player_dir, param[0].val.word[0]);