oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(ftpd_popen): avoid overwriting the bounds of argv and gargv

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9631 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
2001-02-05 07:40:28 +00:00
parent e30d910363
commit e7579270b0
1 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
appl/ftp/ftpd/popen.c
View File

@@ -96,13 +96,16 @@ ftp_rooted(const char *path)
}
#define MAXARGS 100
#define MAXGLOBS 1000
FILE *
ftpd_popen(char *program, char *type, int do_stderr, int no_glob)
{
char *cp;
FILE *iop;
int argc, gargc, pdes[2], pid;
char **pop, *argv[100], *gargv[1000];
char **pop, *argv[MAXARGS], *gargv[MAXGLOBS];
char *foo;
if (strcmp(type, "r") && strcmp(type, "w"))
@@ -125,14 +128,15 @@ ftpd_popen(char *program, char *type, int do_stderr, int no_glob)
/* break up string into pieces */
foo = NULL;
for (argc = 0, cp = program;; cp = NULL) {
for (argc = 0, cp = program; argc < MAXARGS - 1; cp = NULL) {
if (!(argv[argc++] = strtok_r(cp, " \t\n", &foo)))
break;
}
argv[MAXARGS - 1] = NULL;
gargv[0] = (char*)ftp_rooted(argv[0]);
/* glob each piece */
for (gargc = argc = 1; argv[argc]; argc++) {
for (gargc = argc = 1; argv[argc] && garc < MAXGLOBS - 1; argc++) {
glob_t gl;
int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
@@ -140,7 +144,9 @@ ftpd_popen(char *program, char *type, int do_stderr, int no_glob)
if (no_glob || glob(argv[argc], flags, NULL, &gl))
gargv[gargc++] = strdup(argv[argc]);
else
for (pop = gl.gl_pathv; *pop; pop++)
for (pop = gl.gl_pathv;
*pop && gargc < MAXGLOBS - 1;
pop++)
gargv[gargc++] = strdup(*pop);
globfree(&gl);
}