summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@cvs.openbsd.org>2012-09-18 10:36:13 +0000
committerDarren Tucker <dtucker@cvs.openbsd.org>2012-09-18 10:36:13 +0000
commit8033b1e9c9644ca49ce7f05e77bd16ef1a30e54f (patch)
treef954f30df601fe171a61e5209e994cc300dd3af1
parent5cbfd54d42fca4aae4acd938c65ea1462689056e (diff)
Add bounds check on sftp tab-completion. Part of a patch from from Jean-Marc
Robert via tech@, ok djm
-rw-r--r--usr.bin/ssh/sftp.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/usr.bin/ssh/sftp.c b/usr.bin/ssh/sftp.c
index 0e683501268..b6db5d80fa9 100644
--- a/usr.bin/ssh/sftp.c
+++ b/usr.bin/ssh/sftp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.137 2012/09/17 09:54:44 djm Exp $ */
+/* $OpenBSD: sftp.c,v 1.138 2012/09/18 10:36:12 dtucker Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
*
@@ -968,6 +968,10 @@ makeargv(const char *arg, int *argcp, int sloppy, char *lastquote,
state = MA_START;
i = j = 0;
for (;;) {
+ if (argc >= sizeof(argv) / sizeof(*argv)){
+ error("Too many arguments.");
+ return NULL;
+ }
if (isspace(arg[i])) {
if (state == MA_UNQUOTED) {
/* Terminate current argument */