From 30860fb9e1c67cca668290091040be13ebc3da0e Mon Sep 17 00:00:00 2001
From: Markus Uhlin
Date: Sat, 16 Mar 2024 16:34:16 +0100
Subject: Replaced sprintf() calls with snprintf() and added truncation checks
---
 FICS/playerdb.c | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/FICS/playerdb.c b/FICS/playerdb.c
index 54c403d..7810dfb 100644
--- a/FICS/playerdb.c
+++ b/FICS/playerdb.c
@@ -1418,11 +1418,18 @@ player_lastconnect(int p)
 char ipstr[20];
 char loginName[MAX_LOGIN_NAME];
 int inout, registered;
+ int ret, too_long;
 long int lval;
 time_t last = 0;
 
- sprintf(fname, "%s/player_data/%c/%s.%s", stats_dir, parray[p].login[0],
- parray[p].login, STATS_LOGONS);
+ ret = snprintf(fname, sizeof fname, "%s/player_data/%c/%s.%s",
+ stats_dir, parray[p].login[0], parray[p].login, STATS_LOGONS);
+ too_long = (ret < 0 || (size_t)ret >= sizeof fname);
+
+ if (too_long) {
+ fprintf(stderr, "FICS: %s: warning: snprintf truncated\n",
+ __func__);
+ }
 
 if ((fp = fopen(fname, "r")) == NULL)
 return 0;
@@ -1454,11 +1461,18 @@ player_lastdisconnect(int p)
 char ipstr[20];
 char loginName[MAX_LOGIN_NAME];
 int inout, registered;
+ int ret, too_long;
 long int lval;
 time_t last = 0;
 
- sprintf(fname, "%s/player_data/%c/%s.%s", stats_dir, parray[p].login[0],
- parray[p].login, STATS_LOGONS);
+ ret = snprintf(fname, sizeof fname, "%s/player_data/%c/%s.%s",
+ stats_dir, parray[p].login[0], parray[p].login, STATS_LOGONS);
+ too_long = (ret < 0 || (size_t)ret >= sizeof fname);
+
+ if (too_long) {
+ fprintf(stderr, "FICS: %s: warning: snprintf truncated\n",
+ __func__);
+ }
 
 if ((fp = fopen(fname, "r")) == NULL)
 return 0;
--
cgit v1.2.3
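Review bot: When `too_long` is set in `player_lastconnect()`, the code only prints a warning and still passes `fname` to `fopen()`, so the function may read a file other than the intended one (a truncated path), or use a buffer whose contents are not guaranteed if `snprintf` returned a negative value. The function already returns 0 when the file cannot be opened, so the truncation branch can fail the same way: add `return 0;` after the `fprintf` inside `if (too_long) { ... }`. The second hunk in `player_lastdisconnect()` has the same gap. The message also reports "truncated" for the `ret < 0` case, which is an output error rather than truncation. Both function bodies and the declaration of `fname` lie outside the hunks.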
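Review bot: The path construction and truncation check added to `player_lastdisconnect()` are a line-for-line copy of the ones added to `player_lastconnect()`, so any later correction to the bounds check has to be made twice. A small file-local helper that formats the logons path and reports whether it fit would keep the two callers in step and make `ret` and `too_long` unnecessary in both. The helper name below is only a suggestion, and the sketch assumes `fname` is an array at the call sites, as `sizeof fname` in the hunk implies.

```c
/* Formats the logons file path for player p into buf.
 * Returns 0 on success, -1 on output error or if the path did not fit. */
static int
logons_path(char *buf, size_t size, int p)
{
	int ret = snprintf(buf, size, "%s/player_data/%c/%s.%s", stats_dir,
	    parray[p].login[0], parray[p].login, STATS_LOGONS);

	return (ret < 0 || (size_t)ret >= size) ? -1 : 0;
}

/* … in player_lastconnect() and player_lastdisconnect(), replacing the snprintf block … */
	if (logons_path(fname, sizeof fname, p) != 0) {
		fprintf(stderr, "FICS: %s: warning: snprintf truncated\n",
		    __func__);
		return 0;
	}
```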