commit - 7933bd395a7575dd9fbf6f06e963df5ee2aaf570
commit + 7284b84bc4429bed1dd6c626ac2b9971b5ce4484
blob - e6a0f2b096c289ae6be84f7546bb5ce74b8b8fc7
blob + 753a6ca54b8d8305bb5582e63a7fb6e3d86d3a41
--- FICS/utils.c
+++ FICS/utils.c
@@ -338,23 +338,28 @@ mail_file_to_user(int p, char *subj, char *fname)
 PUBLIC int
 pcommand(int p, char *comstr, ...)
 {
-	char tmp[MAX_LINE_SIZE] = { '\0' };
-	int current_socket = parray[p].socket;
-	int retval;
-	va_list ap;
+	char	tmp[MAX_LINE_SIZE] = { '\0' };
+	int	current_socket = parray[p].socket;
+	int	ret[2];
+	va_list	ap;
 
 	va_start(ap, comstr);
-	vsnprintf(tmp, sizeof tmp, comstr, ap);
+	ret[0] = vsnprintf(tmp, sizeof tmp, comstr, ap);
 	va_end(ap);
 
-	retval = process_input(current_socket, tmp);
+	if (ret[0] < 0 || (size_t)ret[0] >= sizeof tmp) {
+		warnx("%s: command string too long: p=%d", __func__, p);
+		return COM_FAILED;
+	}
 
-	if (retval == COM_LOGOUT) {
+	ret[1] = process_input(current_socket, tmp);
+
+	if (ret[1] == COM_LOGOUT) {
 		process_disconnection(current_socket);
 		net_close_connection(current_socket);
 	}
 
-	return retval;
+	return ret[1];
 }
 
 PUBLIC void