summaryrefslogtreecommitdiff
path: root/usr.bin/cvs
diff options
context:
space:
mode:
authorRay Lai <ray@cvs.openbsd.org>2007-05-27 21:14:07 +0000
committerRay Lai <ray@cvs.openbsd.org>2007-05-27 21:14:07 +0000
commit85facf0ed7d20fd6e060f4b25b388cfe820f51a1 (patch)
tree040a30fc6e94820dc095705f8d6257b13b4f38bd /usr.bin/cvs
parentdc9ca1095f77ac006e267a8710593f67afe492ae (diff)
Add bounds check for cvs command arguments. Initial diff by Tobias
Stoeckmann, rearranged to "if (num_items >= BUFSIZ)" format for readability. I would have liked to allow our cvs client to accept as many arguments as the system would allow, but the argument parsing code is surprising hairy. OK niallo@.
Diffstat (limited to 'usr.bin/cvs')
-rw-r--r--usr.bin/cvs/cvs.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/usr.bin/cvs/cvs.c b/usr.bin/cvs/cvs.c
index 19b6a3ed96d..07189832b90 100644
--- a/usr.bin/cvs/cvs.c
+++ b/usr.bin/cvs/cvs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cvs.c,v 1.127 2007/05/27 04:12:32 ray Exp $ */
+/* $OpenBSD: cvs.c,v 1.128 2007/05/27 21:14:06 ray Exp $ */
/*
* Copyright (c) 2006, 2007 Joris Vink <joris@openbsd.org>
* Copyright (c) 2004 Jean-Francois Brousseau <jfb@openbsd.org>
@@ -233,6 +233,8 @@ main(int argc, char **argv)
cmd_argc += ret;
}
+ if (argc + cmd_argc >= CVS_CMD_MAXARG)
+ fatal("main: too many arguments for `%s'", cmd_argv[0]);
for (ret = 1; ret < argc; ret++)
cmd_argv[cmd_argc++] = argv[ret];