From 887e553f0503e45e5273b5c1d7fa71d5554bc542 Mon Sep 17 00:00:00 2001
From: Wayne Davison <wayned@samba.org>
Date: Mon, 28 Jun 2004 17:25:14 +0000
Subject: [PATCH] Make sure that do_cmd() doesn't overflow its arg-pointer
 array (which was also made larger).

---
 main.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/main.c b/main.c
index d6eb8d89..fbc5030b 100644
--- a/main.c
+++ b/main.c
@@ -219,7 +219,7 @@ static pid_t do_cmd(char *cmd, char *machine, char *user, char *path,
 		    int *f_in, int *f_out)
 {
 	int i, argc = 0;
-	char *args[100];
+	char *args[MAX_ARGS];
 	pid_t ret;
 	char *tok, *dir = NULL;
 	int dash_l_set = 0;
@@ -234,8 +234,13 @@ static pid_t do_cmd(char *cmd, char *machine, char *user, char *path,
 		if (!cmd)
 			goto oom;
 
-		for (tok = strtok(cmd, " "); tok; tok = strtok(NULL, " "))
+		for (tok = strtok(cmd, " "); tok; tok = strtok(NULL, " ")) {
+			if (argc >= MAX_ARGS) {
+				rprintf(FERROR, "Command is too long\n");
+				exit_cleanup(RERR_SYNTAX);
+			}
 			args[argc++] = tok;
+		}
 
 		/* check to see if we've already been given '-l user' in
 		 * the remote-shell command */
-- 
2.34.1