From db5186e39f3410b54408aff55aa8a9a2ad063730 Mon Sep 17 00:00:00 2001
From: Thomas Osterried
Date: Sun, 28 Oct 2012 13:39:44 +0000
Subject: bugfix: buffer overflow in call.c.

If the call sign you connect to has 9 characters (i.e. DL9SAU-10), then call segfaults.

idString in the ncurses mode routine start_screen() was dimensioned too short, and the author had the fatal assumption that a call is 8 characters long (and not 9), and he did limit the length in sprintf with ... %n.ns

This is an old bug. Obviously, Ubuntu 12.04 and 12.10 introduced better runtime checks into potential buffer overflows.

---
 call/call.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'call')

diff --git a/call/call.c b/call/call.c index 6b90ab6..3383734 100644 --- a/call/call.c +++ b/call/call.c @@ -799,8 +799,8 @@ int ab_down(int mode, WINDOW * swin, wint * wintab, char buf[], int *bytes, int start_screen(char *call[]) { int cnt; - char idString[11]; - sprintf(idString, " %8s ", call[0]); + char idString[12]; + sprintf(idString, " %9.9s ", call[0]); if ((win = initscr()) == NULL) return -1; -- cgit v1.2.3
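Review bot: the new bound is correct for the code as written (1 + 9 + 1 characters plus the NUL is exactly the 12 bytes of `char idString[12]`), but it lives only in the format string, so the array size and the `%9.9s` precision have to be kept in sync by hand; prefer `snprintf(idString, sizeof(idString), " %9.9s ", call[0]);` so the buffer size bounds the write whatever the format says. Worth a comment on the same line: the `.9` precision is what actually caps the copy (the original `%8s` was only a minimum field width and never limited the argument, which is why a 9-character call overran the 11-byte buffer), and it truncates any call sign longer than 9 characters silently rather than reporting an error.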
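The width-versus-precision mistake the commit message describes, worked through as an added example (this is not code from ax25-apps or from the committer; the helper names formatted_len, old_format_overflows, format_id and format_id_static are hypothetical, and the call signs are constructed sample input). It measures how many bytes the old " %8s " format would emit for each call sign, shows that a 9-character call needs 12 bytes against an 11-byte buffer, and pairs the fixed format with an snprintf bound tied to the buffer size:

```c
#include <stdio.h>
#include <string.h>

/* Added example, not code from ax25-apps or this commit.  It shows why
 * " %8s " overran the original 11-byte idString and why " %9.9s " does
 * not: in printf-style formats a bare width ("%8s") is a MINIMUM field
 * width and never limits the argument, whereas a precision ("%.9s") caps
 * how many bytes are copied from the string.  Overflow lengths are
 * measured with snprintf(NULL, 0, ...) so no real buffer is ever
 * overrun.  Call signs below are constructed sample input. */

#define OLD_ID_BUF 11   /* size of idString before the fix */
#define NEW_ID_BUF 12   /* size of idString after the fix  */

/* Bytes (excluding the terminating NUL) that sprintf(buf, fmt, callsign)
 * would write.  Hypothetical helper name. */
size_t formatted_len(const char *fmt, const char *callsign)
{
    int n = snprintf(NULL, 0, fmt, callsign);
    return n < 0 ? 0 : (size_t)n;
}

/* 1 if the pre-fix call, sprintf(idString, " %8s ", call[0]) with
 * char idString[11], would write past the buffer for this call sign. */
int old_format_overflows(const char *callsign)
{
    return formatted_len(" %8s ", callsign) + 1 > OLD_ID_BUF;
}

/* Hardened form of the fixed line: keep the precision AND tie the write
 * bound to the buffer size via snprintf, so a later edit of either the
 * array size or the format string cannot reintroduce the overflow.
 * Returns 1 if the call sign was longer than 9 characters and was
 * therefore truncated silently, 0 otherwise. */
int format_id(char out[NEW_ID_BUF], const char *callsign)
{
    snprintf(out, NEW_ID_BUF, " %9.9s ", callsign);
    return strlen(callsign) > 9;
}

/* Convenience wrapper returning the formatted id from a static buffer,
 * so callers can compare the text directly.  Not thread-safe. */
const char *format_id_static(const char *callsign)
{
    static char buf[NEW_ID_BUF];
    format_id(buf, callsign);
    return buf;
}

int main(void)
{
    const char *samples[] = { "DL9SAU", "DL9SAU-1", "DL9SAU-10", "DL9SAU-10X" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *cs = samples[i];
        printf("%-11s old \" %%8s \" needs %2zu+1 bytes of %d -> %s; new: \"%s\"%s\n",
               cs, formatted_len(" %8s ", cs), OLD_ID_BUF,
               old_format_overflows(cs) ? "OVERFLOW" : "ok",
               format_id_static(cs),
               strlen(cs) > 9 ? " (truncated)" : "");
    }
    return 0;
}
```

The "DL9SAU-1" case (8 characters) fits the old buffer exactly, which is why the bug stayed hidden until a callsign with a two-digit SSID was used; the fortified sprintf that newer Ubuntu builds enable is what turned the one-byte overrun into an abort instead of silent stack corruption.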