From dedb333b8002fb4d5a1420aa12c2389c83553888 Mon Sep 17 00:00:00 2001
From: Markus Uhlin <markus@nifty-networks.net>
Date: Mon, 1 Jan 2024 00:33:14 +0100
Subject: Replaced strcpy() call with strlcpy()

---
 FICS/fics_addplayer.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'FICS/fics_addplayer.c')

diff --git a/FICS/fics_addplayer.c b/FICS/fics_addplayer.c
index 16d2631..1eed6f1 100644
--- a/FICS/fics_addplayer.c
+++ b/FICS/fics_addplayer.c
@@ -28,11 +28,18 @@
 #include "stdinclude.h"
 #include "common.h"
 
+#include <err.h>
+#include <string.h>
+
 #include "command.h"
 #include "fics_getsalt.h"
 #include "playerdb.h"
 #include "utils.h"
 
+#if __linux__
+#include <bsd/string.h>
+#endif
+
 #define PASSLEN 8
 
 PRIVATE char *funame = NULL;
@@ -116,7 +123,9 @@ main(int argc, char *argv[])
 		password[i] = ('a' + arc4random_uniform(26));
 	password[i] = '\0';
 
-	strcpy(salt, fics_getsalt());
+	if (strlcpy(salt, fics_getsalt(), sizeof salt) >= sizeof salt)
+		errx(1, "salt truncated");
+
 	parray[p].passwd = xstrdup(crypt(password, salt));
 	parray[p].registered = 1;
 //	parray[p].network_player = !local;
-- 
cgit v1.2.3