From 1fcf607b41ef3578efc4fb32e30f0cde7fb7dd55 Mon Sep 17 00:00:00 2001
From: mazmazz
Date: Mon, 17 Dec 2018 21:31:00 -0500
Subject: [PATCH] Fix strncpy nodenum length overflow
---
 src/hu_stuff.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/hu_stuff.c b/src/hu_stuff.c
index 6d5fbfca..5941c68d 100644
--- a/src/hu_stuff.c
+++ b/src/hu_stuff.c
@@ -459,7 +459,7 @@ static void DoSayCommand(SINT8 target, size_t usedargs, UINT8 flags)
 char *nodenum = (char*) malloc(3);
 INT32 spc = 1; // used if nodenum[1] is a space.
- strncpy(nodenum, msg+3, 5);
+ strncpy(nodenum, msg+3, 3);
 // check for undesirable characters in our "number"
 if (((nodenum[0] < '0') || (nodenum[0] > '9')) || ((nodenum[1] < '0') || (nodenum[1] > '9')))
 {
@@ -953,7 +953,7 @@ static void HU_queueChatChar(char c)
 return;
 }
- strncpy(nodenum, msg+3, 5);
+ strncpy(nodenum, msg+3, 3);
 // check for undesirable characters in our "number"
 if (((nodenum[0] < '0') || (nodenum[0] > '9')) || ((nodenum[1] < '0') || (nodenum[1] > '9')))
 {
@@ -1692,7 +1692,7 @@ static void HU_DrawChat(void)
 nodenum = (char*) malloc(3);
- strncpy(nodenum, w_chat+3, 4);
+ strncpy(nodenum, w_chat+3, 3);
 n = atoi((const char*) nodenum); // turn that into a number
 // special cases:
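Review bot: `strncpy(nodenum, ..., 3)` into the 3-byte `malloc(3)` buffer now stays in bounds, but it writes no terminator when the source holds three or more characters after the prefix, so `nodenum` can still be an unterminated string. In the HU_DrawChat hunk the very next line passes it to `atoi`, which would then read past the allocation; the DoSayCommand and HU_queueChatChar hunks only index `nodenum[0]` and `nodenum[1]` in the visible lines, but any later string use outside those hunks would have the same problem. Since the visible checks treat the node number as two characters, copying two bytes and terminating explicitly closes this: `strncpy(nodenum, w_chat+3, 2); nodenum[2] = '\0';` (and the same with `msg+3` in the other two places). The `malloc(3)` result is also used unchecked in the visible lines; a local `char nodenum[3]` would remove both the check and the free, provided nothing outside the hunks keeps the pointer. All three enclosing functions start and end outside their hunks, so the buffer's later use and release could not be confirmed from here.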