Fix buffer overflow in build
authorMarkus Armbruster <armbru@pond.sub.org>
Tue, 20 Mar 2012 19:28:46 +0000 (20:28 +0100)
committerMarkus Armbruster <armbru@pond.sub.org>
Tue, 27 Mar 2012 08:13:05 +0000 (10:13 +0200)
Remote hole, can smash the stack.  Broken when Empire 2 added the
confirmation prompt.

src/lib/commands/buil.c

index 01ac73ad7d1018b998ad86643ca8cf36f1683aa0..1228463f6d9d1458059031599271533af7dd41b2 100644 (file)
@@ -28,7 +28,7 @@
  *
  *  Known contributors to this file:
  *     Steve McClure, 1998-2000
- *     Markus Armbruster, 2004-2011
+ *     Markus Armbruster, 2004-2012
  */
 
 #include <config.h>
@@ -160,8 +160,8 @@ buil(void)
        if (number > 20) {
            char bstr[80];
            sprintf(bstr,
-                   "Are you sure that you want to build %s of them? ",
-                   player->argp[4]);
+                   "Are you sure that you want to build %d of them? ",
+                   number);
            p = getstarg(player->argp[6], bstr, buf);
            if (!p || *p != 'y')
                return RET_SYN;
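Review bot: The `sprintf(bstr, ...)` call in the `number > 20` branch is still unbounded by construction. With the new `%d` it fits in `char bstr[80]` only because the fixed text is under 50 characters and an `int` prints in at most 11. An explicit bound would stop a later change to the prompt text from reintroducing the stack overflow: `snprintf(bstr, sizeof(bstr), "Are you sure that you want to build %d of them? ", number);`. The root cause was a player-supplied `player->argp[4]` string formatted with `%s` into a fixed buffer, so it is worth auditing other prompt-building code for the same pattern, although none is visible in this hunk. The body of buil() starts and ends outside the hunk.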