(ftpd_popen): avoid overwriting the bounds of argv and gargv

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9631 ec53bebd-3082-4978-b11e-865c3cabbd6b

appl/ftp/ftpd/popen.c

@@ -96,13 +96,16 @@ ftp_rooted(const char *path)
 }
 
 
+#define MAXARGS	100
+#define MAXGLOBS 1000
+
 FILE *
 ftpd_popen(char *program, char *type, int do_stderr, int no_glob)
 {
 	char *cp;
 	FILE *iop;
 	int argc, gargc, pdes[2], pid;
-	char **pop, *argv[100], *gargv[1000];
+	char **pop, *argv[MAXARGS], *gargv[MAXGLOBS];
 	char *foo;
 
 	if (strcmp(type, "r") && strcmp(type, "w"))
@@ -125,14 +128,15 @@ ftpd_popen(char *program, char *type, int do_stderr, int no_glob)
 
 	/* break up string into pieces */
 	foo = NULL;
-	for (argc = 0, cp = program;; cp = NULL) {
+	for (argc = 0, cp = program; argc < MAXARGS - 1; cp = NULL) {
 		if (!(argv[argc++] = strtok_r(cp, " \t\n", &foo)))
 			break;
 	}
+	argv[MAXARGS - 1] = NULL;
 
 	gargv[0] = (char*)ftp_rooted(argv[0]);
 	/* glob each piece */
-	for (gargc = argc = 1; argv[argc]; argc++) {
+	for (gargc = argc = 1; argv[argc] && garc < MAXGLOBS - 1; argc++) {
 		glob_t gl;
 		int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
 
@@ -140,7 +144,9 @@ ftpd_popen(char *program, char *type, int do_stderr, int no_glob)
 		if (no_glob || glob(argv[argc], flags, NULL, &gl))
 			gargv[gargc++] = strdup(argv[argc]);
 		else
-			for (pop = gl.gl_pathv; *pop; pop++)
+			for (pop = gl.gl_pathv;
+			     *pop && gargc < MAXGLOBS - 1;
+			     pop++)
 				gargv[gargc++] = strdup(*pop);
 		globfree(&gl);
 	}