diff options
| author | Theodore Tso <tytso@mit.edu> | 1998-02-06 18:28:15 +0000 |
|---|---|---|
| committer | Theodore Tso <tytso@mit.edu> | 1998-02-06 18:28:15 +0000 |
| commit | 0205668e5383176466255acbe794a91df8ba7698 (patch) | |
| tree | 3e315e9b4643ebb2a5748d00688713cc3d3e823b /src | |
| parent | 51924e9c496b7b10e5badae7cc1a08934e6542c7 (diff) | |
| download | krb5-0205668e5383176466255acbe794a91df8ba7698.tar.gz krb5-0205668e5383176466255acbe794a91df8ba7698.tar.xz krb5-0205668e5383176466255acbe794a91df8ba7698.zip | |
popen.c (ftpd_popen): Make sure you can't overrun the argv[] and
gargv[] arrays. (Patch submitted by dima@best.net).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10419 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/appl/gssftp/ftpd/ChangeLog | 5 | ||||
| -rw-r--r-- | src/appl/gssftp/ftpd/popen.c | 12 |
2 files changed, 13 insertions, 4 deletions
diff --git a/src/appl/gssftp/ftpd/ChangeLog b/src/appl/gssftp/ftpd/ChangeLog index 50256487f8..18377bb55b 100644 --- a/src/appl/gssftp/ftpd/ChangeLog +++ b/src/appl/gssftp/ftpd/ChangeLog @@ -1,3 +1,8 @@ +Fri Feb 6 13:25:28 1998 Theodore Y. Ts'o <tytso@mit.edu> + + * popen.c (ftpd_popen): Make sure you can't overrun the argv[] and + gargv[] arrays. (Patch submitted by dima@best.net). + Thu Jan 29 19:51:02 1998 Dan Winship <danw@mit.edu> * ftpd.c (auth_data): Accept forwarded credentials and dispose of diff --git a/src/appl/gssftp/ftpd/popen.c b/src/appl/gssftp/ftpd/popen.c index 89f29a2069..ffafe05296 100644 --- a/src/appl/gssftp/ftpd/popen.c +++ b/src/appl/gssftp/ftpd/popen.c @@ -58,6 +58,8 @@ static char sccsid[] = "@(#)popen.c 5.9 (Berkeley) 2/25/91"; static int *pids; static int fds; +#define MAX_ARGV 100 +#define MAX_GARGV 1000 FILE * ftpd_popen(program, type) @@ -66,7 +68,7 @@ ftpd_popen(program, type) register char *cp; FILE *iop; int argc, gargc, pdes[2], pid; - char **pop, *argv[100], *gargv[1000], *vv[2]; + char **pop, *argv[MAX_ARGV], *gargv[MAX_GARGV], *vv[2]; extern char **ftpglob(), **copyblk(); if (*type != 'r' && *type != 'w' || type[1]) @@ -83,10 +85,12 @@ ftpd_popen(program, type) return(NULL); /* break up string into pieces */ - for (argc = 0, cp = program;; cp = NULL) + for (argc = 0, cp = program; argc < MAX_ARGV - 1; cp = NULL) if (!(argv[argc++] = strtok(cp, " \t\n"))) break; - for (argc = 0; argv[argc]; argc++) argv[argc] = strdup(argv[argc]); + argv[MAX_ARGV-1] = NULL; + for (argc = 0; argv[argc]; argc++) + argv[argc] = strdup(argv[argc]); /* glob each piece */ gargv[0] = argv[0]; @@ -97,7 +101,7 @@ ftpd_popen(program, type) pop = copyblk(vv); } argv[argc] = (char *)pop; /* save to free later */ - while (*pop && gargc < 1000) + while (*pop && gargc < MAX_GARGV) gargv[gargc++] = *pop++; } gargv[gargc] = NULL; |