From 0f792053d9fecafbc699dee5966f4c7d88e21a44 Mon Sep 17 00:00:00 2001
From: Markus Uhlin <markus@nifty-networks.net>
Date: Sat, 14 Mar 2026 13:28:12 +0100
Subject: player_write_login: handle snprintf() truncation

---
 FICS/playerdb.c | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/FICS/playerdb.c b/FICS/playerdb.c
index 0c5c502..b1c3d73 100644
--- a/FICS/playerdb.c
+++ b/FICS/playerdb.c
@@ -1697,20 +1697,30 @@ write_p_inout(int inout, int p, char *file, int maxlines)
 PUBLIC void
 player_write_login(int p)
 {
-	char fname[MAX_FILENAME_SIZE];
+	char	fname[MAX_FILENAME_SIZE] = { '\0' };
+	int	ret;
 
 	if (parray[p].registered) {
-		snprintf(fname, sizeof fname, "%s/player_data/%c/%s.%s",
+		ret = snprintf(fname, sizeof fname, "%s/player_data/%c/%s.%s",
 		    stats_dir, parray[p].login[0], parray[p].login,
 		    STATS_LOGONS);
-		write_p_inout(P_LOGIN, p, fname, 8);
+		if (!is_too_long(ret, sizeof fname))
+			write_p_inout(P_LOGIN, p, fname, 8);
+		else
+			warnx("%s: filename too long", __func__);
 	}
 
-	snprintf(fname, sizeof fname, "%s/%s", stats_dir, STATS_LOGONS);
-	write_p_inout(P_LOGIN, p, fname, 30);
+	ret = snprintf(fname, sizeof fname, "%s/%s", stats_dir, STATS_LOGONS);
+	if (!is_too_long(ret, sizeof fname))
+		write_p_inout(P_LOGIN, p, fname, 30);
+	else
+		warnx("%s: filename too long", __func__);
 
-	snprintf(fname, sizeof fname, "%s/%s", stats_dir, "logons.log");
-	write_p_inout(P_LOGIN, p, fname, 0);
+	ret = snprintf(fname, sizeof fname, "%s/%s", stats_dir, "logons.log");
+	if (!is_too_long(ret, sizeof fname))
+		write_p_inout(P_LOGIN, p, fname, 0);
+	else
+		warnx("%s: filename too long", __func__);
 }
 
 PUBLIC void
-- 
cgit v1.2.3