The below diff fixes a bug in the assumptions ntop 1.1 makes about terminal column widths. When ntop is run on terminals with more than 257 columns, the printHeader() function will write a NULL byte beyond the end of the progName string. While I was there I converted sprintf() to snprintf(), since one of the variables written to the progName string is osName, which is ultimately populated from the output of `sh config.guess` during configure. I don’t believe this method guarantees osName can never cause progName to overflow. The patch itself is meant to be minimally invasive while addressing the problem.
About getting this patch upstream: I don’t see how to do that, since upstream has moved onto a re-write called ‘ntop-ng’. I can’t even find old versions of ntop there. I did look on the MASTER_SITES url. There is a newer version of the ntop tarball hosted there, ntop-1.2a2.tar.gz, but the relevant source has this issue as well. Perhaps I should just use iftop ;) - Eric
ntop-1.1p3.diff
Description: Binary data
