From ee5f8f670f4d7f82e47bcf75c53b91fca4b1a137 Mon Sep 17 00:00:00 2001
From: Markus Uhlin <markus@nifty-networks.net>
Date: Sun, 4 Aug 2024 00:19:47 +0200
Subject: Fixed possible buffer overflow

---
 FICS/playerdb.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'FICS')

diff --git a/FICS/playerdb.c b/FICS/playerdb.c
index b5f40d9..d9381e1 100644
--- a/FICS/playerdb.c
+++ b/FICS/playerdb.c
@@ -2431,10 +2431,13 @@ SaveThisMsg(int which, char *line)
 	char	Sender[MAX_LOGIN_NAME] = { '\0' };
 	int	p1;
 
+	_Static_assert(19 < ARRAY_SIZE(Sender), "Array too small");
+
 	if (which == 0)
 		return 1;
 
-	sscanf(line, "%s", Sender);
+	if (sscanf(line, "%19s", Sender) != 1)
+		warnx("%s: failed to read sender");
 
 	if (which < 0) {
 		p1 = (-which) - 1;
-- 
cgit v1.2.3