From 85facf0ed7d20fd6e060f4b25b388cfe820f51a1 Mon Sep 17 00:00:00 2001
From: Ray Lai
Date: Sun, 27 May 2007 21:14:07 +0000
Subject: Add bounds check for cvs command arguments. Initial diff by Tobias Stoeckmann, rearranged to "if (num_items >= BUFSIZ)" format for readability. I would have liked to allow our cvs client to accept as many arguments as the system would allow, but the argument parsing code is surprising hairy. OK niallo@.
---
 usr.bin/cvs/cvs.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'usr.bin/cvs')
diff --git a/usr.bin/cvs/cvs.c b/usr.bin/cvs/cvs.c
index 19b6a3ed96d..07189832b90 100644
--- a/usr.bin/cvs/cvs.c
+++ b/usr.bin/cvs/cvs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cvs.c,v 1.127 2007/05/27 04:12:32 ray Exp $ */
+/* $OpenBSD: cvs.c,v 1.128 2007/05/27 21:14:06 ray Exp $ */
 /*
 * Copyright (c) 2006, 2007 Joris Vink
 * Copyright (c) 2004 Jean-Francois Brousseau
@@ -233,6 +233,8 @@ main(int argc, char **argv)
 cmd_argc += ret;
 }
+ if (argc + cmd_argc >= CVS_CMD_MAXARG)
+ fatal("main: too many arguments for `%s'", cmd_argv[0]);
 for (ret = 1; ret < argc; ret++)
 cmd_argv[cmd_argc++] = argv[ret];
--
cgit v1.2.3
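Review bot: The new guard ahead of the copy loop in main() carries no comment saying which buffer it protects or why the bound is written as `argc + cmd_argc >= CVS_CMD_MAXARG`, even though the loop starts at `ret = 1` and appends only `argc - 1` entries, so the test is stricter than the copy itself requires. A short comment would keep a later reader from loosening it without checking what follows the loop, e.g. `/* argv[1..argc-1] are appended to cmd_argv below; the margin is kept for the terminating slot */` (presumably a NULL terminator, which is not visible here). The declaration of `cmd_argv` lies outside the hunk, so it cannot be confirmed from this diff that the array is actually sized by CVS_CMD_MAXARG; if it is a plain array in scope, comparing against `sizeof(cmd_argv) / sizeof(cmd_argv[0])` would stop the limit and the array from drifting apart. main()'s body starts and ends outside the hunk.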