From 9ad6443ad05673ded4d02e1f9a94e322f2992f0f Mon Sep 17 00:00:00 2001
From: Markus Uhlin <markus@nifty-networks.net>
Date: Fri, 3 Apr 2026 16:06:15 +0200
Subject: com_news: handle snprintf() truncation

---
 FICS/comproc.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/FICS/comproc.c b/FICS/comproc.c
index 0425828..0751f24 100644
--- a/FICS/comproc.c
+++ b/FICS/comproc.c
@@ -284,8 +284,13 @@ com_news(int p, param_list param)
 		 * File exists - show it
 		 */
 
-		snprintf(filename, sizeof filename, "%s/news.%s", news_dir,
-		    param[0].val.word);
+		ret = snprintf(filename, sizeof filename, "%s/news.%s",
+		    news_dir, param[0].val.word);
+
+		if (is_too_long(ret, sizeof filename)) {
+			warnx("%s: fatal: too long filename", __func__);
+			return COM_OK;
+		}
 
 		if ((fp = fopen(filename, "r")) == NULL) {
 			pprintf(p, "No more info.\n");
@@ -297,9 +302,14 @@ com_news(int p, param_list param)
 			return COM_OK;
 		}
 
-		snprintf(filename, sizeof filename, "news.%s",
+		ret = snprintf(filename, sizeof filename, "news.%s",
 		    param[0].val.word);
 
+		if (is_too_long(ret, sizeof filename)) {
+			warnx("%s: fatal: too long filename", __func__);
+			return COM_OK;
+		}
+
 		if (psend_file(p, news_dir, filename) < 0) {
 			pprintf(p, "Internal error - couldn't send news file!"
 			    "\n");
-- 
cgit v1.2.3