From 4e770afab1eea814a4a0e09fb8a1a85c365a88c4 Mon Sep 17 00:00:00 2001
From: Markus Uhlin
Date: Sat, 15 Mar 2025 13:33:08 +0100
Subject: Added parameter 'End_size' to FindHistory2() and changed the format string of fscanf() to avoid buffer overflow

---
 FICS/obsproc.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

(limited to 'FICS/obsproc.c')

diff --git a/FICS/obsproc.c b/FICS/obsproc.c
index c916c0f..8a28f94 100644
--- a/FICS/obsproc.c
+++ b/FICS/obsproc.c
@@ -994,9 +994,10 @@ FindHistory(int p, int p1, int p_game)
 }
 PRIVATE char *
-FindHistory2(int p, int p1, int p_game, char *End)
-{
+FindHistory2(int p, int p1, int p_game, char *End, const size_t End_size)
+{ // XXX
 	FILE *fpHist;
+	char fmt[80] = { '\0' };
 	int index = 0;
 	long int when = 0;
 	static char fileName[MAX_FILENAME_SIZE];
@@ -1009,12 +1010,11 @@ FindHistory2(int p, int p1, int p_game, char *End)
 		return NULL;
 	}
-	do {
-		int ret;
+	msnprintf(fmt, sizeof fmt, "%%d %%*c %%*d %%*c %%*d %%*s %%*s %%*d "
+	    "%%*d %%*d %%*d %%*s %%%zus %%ld", (End_size - 1));
-		ret = fscanf(fpHist, "%d %*c %*d %*c %*d %*s %*s %*d %*d %*d "
-		    "%*d %*s %s %ld", &index, End, &when);
-		if (ret != 3)
+	do {
+		if (fscanf(fpHist, fmt, &index, End, &when) != 3)
 			warn("%s: %s: corrupt", __func__, &fileName[0]);
 	} while (!feof(fpHist) && index != p_game);
@@ -1822,7 +1822,8 @@ jsave_history(int p, char save_spot, int p1, int from, char *to_file)
 	char type[4];
 	int g;
-	if ((HistoryFname = FindHistory2(p, p1, from, End)) != NULL) {
+	if ((HistoryFname = FindHistory2(p, p1, from, End, sizeof End)) !=
+	    NULL) {
 		if ((Game = fopen(HistoryFname, "r")) == NULL) {
 			pprintf(p, "History game %d not available for %s.\n", from,
--
cgit v1.2.3
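Review bot: The `// XXX` marker added on the opening brace of FindHistory2 tells the next reader nothing about what is still pending; either state it, e.g. `/* XXX: End_size is the full capacity of End; the scan width below is End_size - 1 */`, or drop it. The `char fmt[80]` size is a bare number, but the expanded format is about 53 characters plus the width digits, so it stays under 80 even for a 20-digit size_t; a one-line comment saying so, e.g. `/* ~53-char format plus up to 20 width digits fits in 80 */`, would save the next maintainer the count. FindHistory2's body continues in the next hunk and beyond it.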
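Review bot: When fscanf() stops on a matching failure or a read error rather than EOF, the offending input is left unread and feof() is never set, so the `!= 3` branch warns and the do/while re-reads the same bytes; the loop then only exits if `index` already equals p_game, which on a malformed history file means it can log "corrupt" indefinitely. Leaving after the warning, `warn("%s: %s: corrupt", __func__, &fileName[0]); break;`, bounds the loop; the code after the loop is outside this hunk, so check that it treats `index != p_game` as not-found. Separately, `End_size - 1` wraps to SIZE_MAX when End_size is 0, producing a width that no longer bounds the write into End; a guard before the msnprintf() such as `if (End_size == 0) return NULL;`, matching the existing `return NULL;` failure path, keeps the new parameter safe against future callers.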
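Review bot: `sizeof End` is the buffer's capacity only if End is declared as an array in jsave_history; its declaration is above this hunk and cannot be confirmed here, and if End were a pointer the bound passed would silently be sizeof(char *). A short comment at the call, `/* End is a local array, so sizeof is its capacity */`, makes that assumption visible to whoever later changes End's declaration, or pass the array's named size constant if one exists. jsave_history's body starts and ends outside the hunk.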