summaryrefslogtreecommitdiffstats
path: root/call
diff options
context:
space:
mode:
authorThomas Osterried <thomas@osterried.de>2012-10-28 13:39:44 +0000
committerThomas Osterried <thomas@osterried.de>2012-10-28 13:39:44 +0000
commitdb5186e39f3410b54408aff55aa8a9a2ad063730 (patch)
treece009e69e43624e4f52ad7153d6a105f5a9c770d /call
parent33a1d9ce349c59185adab13700b98ba9e8508cea (diff)
bugfix: buffer overflow in call.c.
If the call sign you connect to has 9 characters (i.E. DL9SAU-10), then call segfaults. idString in the ncruses mode routine start_screen() was dimensioned too short, and the auther had the fatal assumtion that a call is 8 characters long (and not 9), and he did limit the length in sprintf with ... %n.ns This is an old bug. Obviously, ubuntu 12.04 and 12.10 introduced better runtime checks into potential buffer overflows.
Diffstat (limited to 'call')
-rw-r--r--call/call.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/call/call.c b/call/call.c
index 6b90ab6..3383734 100644
--- a/call/call.c
+++ b/call/call.c
@@ -799,8 +799,8 @@ int ab_down(int mode, WINDOW * swin, wint * wintab, char buf[], int *bytes,
int start_screen(char *call[])
{
int cnt;
- char idString[11];
- sprintf(idString, " %8s ", call[0]);
+ char idString[12];
+ sprintf(idString, " %9.9s ", call[0]);
if ((win = initscr()) == NULL)
return -1;