From b66b6d954ba6434e113fe6263682ae476252c41d Mon Sep 17 00:00:00 2001
From: Markus Uhlin <markus@nifty-networks.net>
Date: Sun, 4 Aug 2024 00:59:24 +0200
Subject: Fixed possible buffer overflows

---
 FICS/playerdb.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

(limited to 'FICS')

diff --git a/FICS/playerdb.c b/FICS/playerdb.c
index 876aa85..79067ae 100644
--- a/FICS/playerdb.c
+++ b/FICS/playerdb.c
@@ -583,24 +583,28 @@ ReadV1PlayerFmt(int p, player *pp, FILE *fp, char *file, int version)
 		}
 	}
 
+	_Static_assert(1023 < ARRAY_SIZE(tmp2), "Array too small");
+
+#define SCAN_STR "%1023s"
+
 	while (size_cens--) {
-		fscanf(fp, "%s", tmp2);
+		fscanf(fp, SCAN_STR, tmp2);
 		list_add(p, L_CENSOR, tmp2);
 	}
 	while (size_not--) {
-		fscanf(fp, "%s", tmp2);
+		fscanf(fp, SCAN_STR, tmp2);
 		list_add(p, L_NOTIFY, tmp2);
 	}
 	while (size_noplay--) {
-		fscanf(fp, "%s", tmp2);
+		fscanf(fp, SCAN_STR, tmp2);
 		list_add(p, L_NOPLAY, tmp2);
 	}
 	while (size_gnot--) {
-		fscanf(fp, "%s", tmp2);
+		fscanf(fp, SCAN_STR, tmp2);
 		list_add(p, L_GNOTIFY, tmp2);
 	}
 	while (size_chan--) {
-		fscanf(fp, "%s", tmp2);
+		fscanf(fp, SCAN_STR, tmp2);
 		list_add(p, L_CHANNEL, tmp2);
 	}
 }
-- 
cgit v1.2.3