diff options
author | Darren Tucker <dtucker@cvs.openbsd.org> | 2012-09-18 10:36:13 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@cvs.openbsd.org> | 2012-09-18 10:36:13 +0000 |
commit | 8033b1e9c9644ca49ce7f05e77bd16ef1a30e54f (patch) | |
tree | f954f30df601fe171a61e5209e994cc300dd3af1 | |
parent | 5cbfd54d42fca4aae4acd938c65ea1462689056e (diff) |
Add bounds check on sftp tab-completion. Part of a patch from from Jean-Marc
Robert via tech@, ok djm
-rw-r--r-- | usr.bin/ssh/sftp.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/usr.bin/ssh/sftp.c b/usr.bin/ssh/sftp.c index 0e683501268..b6db5d80fa9 100644 --- a/usr.bin/ssh/sftp.c +++ b/usr.bin/ssh/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.137 2012/09/17 09:54:44 djm Exp $ */ +/* $OpenBSD: sftp.c,v 1.138 2012/09/18 10:36:12 dtucker Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * @@ -968,6 +968,10 @@ makeargv(const char *arg, int *argcp, int sloppy, char *lastquote, state = MA_START; i = j = 0; for (;;) { + if (argc >= sizeof(argv) / sizeof(*argv)){ + error("Too many arguments."); + return NULL; + } if (isspace(arg[i])) { if (state == MA_UNQUOTED) { /* Terminate current argument */ |