From bf9105aa4aef750c14eedc8678d9b25602881004 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 24 Apr 2026 10:21:06 +0000
Subject: [PATCH] Fix unbounded strcpy of password from player file (use
 strncpy with MAX_PWD_LENGTH)

Agent-Logs-Url: https://github.com/tbamud/tbamud/sessions/28ad1d51-d776-4038-a489-db00dc08e5ff

Co-authored-by: welcor <357770+welcor@users.noreply.github.com>
---
 src/players.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/players.c b/src/players.c
index 1e76197..76f92b9 100644
--- a/src/players.c
+++ b/src/players.c
@@ -405,7 +405,7 @@ int load_char(const char *name, struct char_data *ch)
 
       case 'P':
        if (!strcmp(tag, "Page"))  GET_PAGE_LENGTH(ch) = atoi(line);
-	else if (!strcmp(tag, "Pass"))	strcpy(GET_PASSWD(ch), line);
+	else if (!strcmp(tag, "Pass")) { strncpy(GET_PASSWD(ch), line, MAX_PWD_LENGTH); GET_PASSWD(ch)[MAX_PWD_LENGTH] = '\0'; }
 	else if (!strcmp(tag, "Plyd"))	ch->player.time.played	= atoi(line);
 	else if (!strcmp(tag, "PfIn"))	POOFIN(ch)		= strdup(line);
 	else if (!strcmp(tag, "PfOt"))	POOFOUT(ch)		= strdup(line);