From 3ab210cbd551966d6828ddb9fe6dc5fe0f544dc2 Mon Sep 17 00:00:00 2001
From: Rob Swindell <rob@synchro.net>
Date: Thu, 3 Mar 2022 09:47:53 -0800
Subject: [PATCH] Fix a few issues around single-file add argument parsing

Triggered by CID 33630: Unbounded source buffer
---
 src/sbbs3/addfiles.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/sbbs3/addfiles.c b/src/sbbs3/addfiles.c
index 86ecf40889..6e981995d9 100644
--- a/src/sbbs3/addfiles.c
+++ b/src/sbbs3/addfiles.c
@@ -729,13 +729,13 @@ int main(int argc, char **argv)
 				SAFECOPY(fdesc, "no description given");
 			}
 
-			sprintf(str,"%s%s", scfg.dir[dirnum]->path, fname);
+			SAFEPRINTF2(str,"%s%s", scfg.dir[dirnum]->path, fname);
 			if(mode&FILE_DATE)
-				sprintf(fdesc, "%s  ", unixtodstr(&scfg,(time32_t)fdate(str),tmp));
-			if(mode&TODAYS_DATE)
-				sprintf(fdesc, "%s  ", unixtodstr(&scfg,time32(NULL),tmp));
-			sprintf(tmp, "%.*s", (int)(LEN_FDESC-strlen(fdesc)), argv[++j]);
-			SAFECOPY(fdesc, tmp);
+				SAFEPRINTF(fdesc, "%s  ", unixtodstr(&scfg,(time32_t)fdate(str),tmp));
+			else if(mode&TODAYS_DATE)
+				SAFEPRINTF(fdesc, "%s  ", unixtodstr(&scfg,time32(NULL),tmp));
+			j++;
+			SAFECAT(fdesc, argv[j]);
 			l=(long)flength(str);
 			if(l==-1) {
 				printf("%s not found.\n",str);
-- 
GitLab