diff options
| author | tobias <tobias> | 2020-04-16 17:12:49 +0000 |
|---|---|---|
| committer | tobias <tobias> | 2020-04-16 17:12:49 +0000 |
| commit | 3ebe04ee8ea2e5362678a102f6b1a4b418613f20 (patch) | |
| tree | b7e0bf0ea2452a266d466e739ec10785aa381b4a | |
| parent | 6407eb9bc1380d879f354c0331dbb5ea5302fe51 (diff) | |
| download | cwm-3ebe04ee8ea2e5362678a102f6b1a4b418613f20.tar.gz cwm-3ebe04ee8ea2e5362678a102f6b1a4b418613f20.tar.xz cwm-3ebe04ee8ea2e5362678a102f6b1a4b418613f20.zip | |
Prevent out of boundary write with configuration files in which too many
quoted arguments are stored for other window managers. The quotation handling happens within the while loop without checking if the "end" limit has been already reached. If this happens, the final NULL assignment leads to an out of boundary write on stack. OK okan@
| -rw-r--r-- | util.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/util.c b/util.c index 7c4bb5e..904a54c 100644 --- a/util.c +++ b/util.c @@ -53,7 +53,7 @@ u_exec(char *argstr) { #define MAXARGLEN 20 char *args[MAXARGLEN], **ap = args; - char **end = &args[MAXARGLEN - 1], *tmp; + char **end = &args[MAXARGLEN - 2], *tmp; char *s = argstr; while (ap < end && (*ap = strsep(&argstr, " \t")) != NULL) { |