author | Thomas Osterried <thomas@osterried.de> | 2012-10-28 13:39:44 +0000 |
---|---|---|
committer | Thomas Osterried <thomas@osterried.de> | 2012-10-28 13:39:44 +0000 |
commit | db5186e39f3410b54408aff55aa8a9a2ad063730 (patch) | |
tree | ce009e69e43624e4f52ad7153d6a105f5a9c770d /call | |
parent | 33a1d9ce349c59185adab13700b98ba9e8508cea (diff) |
bugfix: buffer overflow in call.c.
If the call sign you connect to has 9 characters
(i.e. DL9SAU-10), then call segfaults. idString
in the ncurses mode routine start_screen() was
dimensioned too short, and the author had the fatal
assumption that a call is 8 characters long (and not 9),
and he did limit the length in sprintf with ... %n.ns
This is an old bug. Obviously, Ubuntu 12.04 and 12.10
introduced better runtime checks into potential buffer
overflows.
Diffstat (limited to 'call')
-rw-r--r-- | call/call.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/call/call.c b/call/call.c index 6b90ab6..3383734 100644 --- a/call/call.c +++ b/call/call.c @@ -799,8 +799,8 @@ int ab_down(int mode, WINDOW * swin, wint * wintab, char buf[], int *bytes, int start_screen(char *call[]) { int cnt; - char idString[11]; - sprintf(idString, " %8s ", call[0]); + char idString[12]; + sprintf(idString, " %9.9s ", call[0]); if ((win = initscr()) == NULL) return -1; |
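Review bot: in start_screen() the new `sprintf(idString, " %9.9s ", call[0]);` is still an unbounded write, and `char idString[12];` is sized to exactly the 12 bytes that format can produce (one space, nine characters, one space, the terminating NUL), so the fix holds only as long as the array size and the format width are kept in sync by hand. Suggest `snprintf(idString, sizeof(idString), " %9.9s ", call[0]);` so the bound follows the declaration, plus a short comment on the declaration saying where the 9 comes from (the commit message gives DL9SAU-10 as a 9-character call). The `.9` precision also silently truncates any longer argument in the displayed ID, which is worth stating in that comment.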