From 87ae9a230dc4a6ba55413f5fa431785c8d64d36c Mon Sep 17 00:00:00 2001
From: Markus Uhlin <markus@nifty-networks.net>
Date: Sun, 4 Aug 2024 01:28:16 +0200
Subject: Added bounds checking in player_lastdisconnect()

---
 FICS/playerdb.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'FICS')

diff --git a/FICS/playerdb.c b/FICS/playerdb.c
index 15959b5..46ae464 100644
--- a/FICS/playerdb.c
+++ b/FICS/playerdb.c
@@ -1555,8 +1555,13 @@ player_lastdisconnect(int p)
 		return 0;
 
 	while (!feof(fp)) {
-		if (fscanf(fp, "%d %s %ld %d %s\n", &inout, loginName, &lval,
-		    &registered, ipstr) != 5) {
+		_Static_assert(19 < ARRAY_SIZE(loginName),
+		    "'loginName' too small");
+		_Static_assert(19 < ARRAY_SIZE(ipstr),
+		    "'ipstr' too small");
+
+		if (fscanf(fp, "%d %19s %ld %d %19s\n", &inout, loginName,
+		    &lval, &registered, ipstr) != 5) {
 			fprintf(stderr, "FICS: Error in login info format. %s"
 			    "\n", fname);
 			fclose(fp);
-- 
cgit v1.2.3