Matt McCutchen's Web Site
/
rsync
/
rsync.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Make sure that do_cmd() doesn't overflow its arg-pointer array
[rsync/rsync.git]
/
main.c
diff --git
a/main.c
b/main.c
index
d6eb8d8
..
fbc5030
100644
(file)
--- a/
main.c
+++ b/
main.c
@@
-219,7
+219,7
@@
static pid_t do_cmd(char *cmd, char *machine, char *user, char *path,
int *f_in, int *f_out)
{
int i, argc = 0;
int *f_in, int *f_out)
{
int i, argc = 0;
- char *args[
100
];
+ char *args[
MAX_ARGS
];
pid_t ret;
char *tok, *dir = NULL;
int dash_l_set = 0;
pid_t ret;
char *tok, *dir = NULL;
int dash_l_set = 0;
@@
-234,8
+234,13
@@
static pid_t do_cmd(char *cmd, char *machine, char *user, char *path,
if (!cmd)
goto oom;
if (!cmd)
goto oom;
- for (tok = strtok(cmd, " "); tok; tok = strtok(NULL, " "))
+ for (tok = strtok(cmd, " "); tok; tok = strtok(NULL, " ")) {
+ if (argc >= MAX_ARGS) {
+ rprintf(FERROR, "Command is too long\n");
+ exit_cleanup(RERR_SYNTAX);
+ }
args[argc++] = tok;
args[argc++] = tok;
+ }
/* check to see if we've already been given '-l user' in
* the remote-shell command */
/* check to see if we've already been given '-l user' in
* the remote-shell command */