about summary refs log tree commit diff
diff options
context:
space:
mode:
authortobias <tobias>2020-04-16 17:12:49 +0000
committertobias <tobias>2020-04-16 17:12:49 +0000
commit3ebe04ee8ea2e5362678a102f6b1a4b418613f20 (patch)
treeb7e0bf0ea2452a266d466e739ec10785aa381b4a
parent6407eb9bc1380d879f354c0331dbb5ea5302fe51 (diff)
downloadcwm-3ebe04ee8ea2e5362678a102f6b1a4b418613f20.tar.gz
cwm-3ebe04ee8ea2e5362678a102f6b1a4b418613f20.tar.xz
cwm-3ebe04ee8ea2e5362678a102f6b1a4b418613f20.zip
Prevent out of boundary write with configuration files in which too many
quoted arguments are stored for other window managers.

The quotation handling happens within the while loop without checking if
the "end" limit has been already reached. If this happens, the final
NULL assignment leads to an out of boundary write on stack.

OK okan@
-rw-r--r--util.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/util.c b/util.c
index 7c4bb5e..904a54c 100644
--- a/util.c
+++ b/util.c
@@ -53,7 +53,7 @@ u_exec(char *argstr)
 {
 #define MAXARGLEN 20
 	char	*args[MAXARGLEN], **ap = args;
-	char	**end = &args[MAXARGLEN - 1], *tmp;
+	char	**end = &args[MAXARGLEN - 2], *tmp;
 	char	*s = argstr;
 
 	while (ap < end && (*ap = strsep(&argstr, " \t")) != NULL) {