From 6c2e5b56e49b494b33b3b63fc797f83d4c05a203 Mon Sep 17 00:00:00 2001 From: Wayne Davison Date: Mon, 9 Feb 2004 21:22:59 +0000 Subject: [PATCH] Die if we overflowed the args[] array when building up the remote command in do_cmd(). --- main.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/main.c b/main.c index 0a0794a7..e26c7b16 100644 --- a/main.c +++ b/main.c @@ -221,12 +221,13 @@ static void show_malloc_stats(void) /* Start the remote shell. cmd may be NULL to use the default. */ -static pid_t do_cmd(char *cmd,char *machine,char *user,char *path,int *f_in,int *f_out) +static pid_t do_cmd(char *cmd, char *machine, char *user, char *path, + int *f_in, int *f_out) { + int i, argc = 0; char *args[100]; - int i,argc=0; pid_t ret; - char *tok,*dir=NULL; + char *tok, *dir = NULL; int dash_l_set = 0; if (!read_batch && !local_server) { @@ -239,9 +240,8 @@ static pid_t do_cmd(char *cmd,char *machine,char *user,char *path,int *f_in,int if (!cmd) goto oom; - for (tok=strtok(cmd," ");tok;tok=strtok(NULL," ")) { + for (tok = strtok(cmd, " "); tok; tok = strtok(NULL, " ")) args[argc++] = tok; - } /* check to see if we've already been given '-l user' in * the remote-shell command */ @@ -285,6 +285,11 @@ static pid_t do_cmd(char *cmd,char *machine,char *user,char *path,int *f_in,int if (!daemon_over_rsh && path && *path) args[argc++] = path; + if (argc >= (int)(sizeof args / sizeof args[0])) { + rprintf(FERROR, "internal: args[] overflowed in do_cmd()\n"); + exit_cleanup(RERR_MALLOC); /* XXX Need better RERR? */ + } + args[argc] = NULL; if (verbose > 3) { @@ -491,7 +496,7 @@ static void do_server_recv(int f_in, int f_out, int argc,char *argv[]) { int status; struct file_list *flist; - char *local_name=NULL; + char *local_name = NULL; char *dir = NULL; if (verbose > 2) { -- 2.34.1