Matt McCutchen's Web Site / rsync / rsync.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: beb227d)
Make sure that do_cmd() doesn't overflow its arg-pointer array
authorWayne Davison <wayned@samba.org>
Mon, 28 Jun 2004 17:25:14 +0000 (17:25 +0000)
committerWayne Davison <wayned@samba.org>
Mon, 28 Jun 2004 17:25:14 +0000 (17:25 +0000)
(which was also made larger).

main.c patch | blob | blame | history

diff --git a/main.c b/main.c
index d6eb8d8..fbc5030 100644 (file)
--- a/main.c
+++ b/main.c
@@ -219,7 +219,7 @@ static pid_t do_cmd(char *cmd, char *machine, char *user, char *path,
                    int *f_in, int *f_out)
 {
        int i, argc = 0;
-       char *args[100];
+       char *args[MAX_ARGS];
        pid_t ret;
        char *tok, *dir = NULL;
        int dash_l_set = 0;
@@ -234,8 +234,13 @@ static pid_t do_cmd(char *cmd, char *machine, char *user, char *path,
                if (!cmd)
                        goto oom;
 
-               for (tok = strtok(cmd, " "); tok; tok = strtok(NULL, " "))
+               for (tok = strtok(cmd, " "); tok; tok = strtok(NULL, " ")) {
+                       if (argc >= MAX_ARGS) {
+                               rprintf(FERROR, "Command is too long\n");
+                               exit_cleanup(RERR_SYNTAX);
+                       }
                        args[argc++] = tok;
+               }
 
                /* check to see if we've already been given '-l user' in
                 * the remote-shell command */
Matt McCutchen's repository for rsync, the fast and versatile remote file copier