From f5a824143109e30f2cc1599a19e1de14cc86a517 Mon Sep 17 00:00:00 2001
From: Markus Uhlin
Date: Wed, 2 Apr 2025 21:37:13 +0200
Subject: Bounds checking
---
 FICS/playerdb.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
(limited to 'FICS/playerdb.c')
diff --git a/FICS/playerdb.c b/FICS/playerdb.c
index 411bbd5..06694ab 100644
--- a/FICS/playerdb.c
+++ b/FICS/playerdb.c
@@ -584,6 +584,23 @@ ReadV1PlayerFmt(int p, player *pp, FILE *fp, char *file, int version)
 pp->timeOfReg = array[0];
 pp->totalTime = array[1];
 
+ if (pp->num_plan > MAX_PLAN) {
+ warnx("Player %s is corrupt\nToo many plans (%d)",
+ parray[p].name,
+ pp->num_plan);
+ return;
+ } else if (pp->num_formula > MAX_FORMULA) {
+ warnx("Player %s is corrupt\nToo many formulas (%d)",
+ parray[p].name,
+ pp->num_formula);
+ return;
+ } else if (pp->numAlias > MAX_ALIASES) {
+ warnx("Player %s is corrupt\nToo many aliases (%d)",
+ parray[p].name,
+ pp->numAlias);
+ return;
+ }
+
 if (pp->num_plan > 0) {
 for (i = 0; i < pp->num_plan; i++) {
 if (fgets(tmp2, sizeof tmp2, fp) == NULL) {
-- 
cgit v1.2.3
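Review bot: Each of the three new guards returns with the rejected count still stored in the player record (`pp->num_plan`, `pp->num_formula`, `pp->numAlias`), and the bare `return;` suggests the caller gets no failure signal. Any later code that loops over or indexes by these counts would then still see the out-of-range value. Resetting the offending field before leaving, e.g. `pp->num_plan = 0;` ahead of its `return;`, would keep a corrupt file from leaving an unsafe count behind. The guards also accept negative counts: the plan loop visible below is protected by `> 0`, but a check such as `if (pp->num_plan < 0 || pp->num_plan > MAX_PLAN)` would reject them at the point of parsing. ReadV1PlayerFmt's body starts and ends outside the hunk, so how the counts are read and used afterwards is not visible here.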