Prevent out of boundary write with configuration files in which too many

quoted arguments are stored for other window managers. The quotation handling happens within the while loop without checking if the "end" limit has been already reached. If this happens, the final NULL assignment leads to an out of boundary write on stack. OK okan@
author: Tobias Stoeckmann <tobias@cvs.openbsd.org> 2020-04-16 17:12:50 +0000
committer: Tobias Stoeckmann <tobias@cvs.openbsd.org> 2020-04-16 17:12:50 +0000
commit: d152e7f8334f55344e0f67d80cfabc301ef6af16 (patch)
tree: 4aa29f4ae80faa1792ef8e1a77de5c0893a737a9 /app/cwm/util.c
parent: 14889442d4c7a62ea5d2585be8b3629d37b0e57e (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/app/cwm/util.c b/app/cwm/util.c
index cb101eec5..381d6aee0 100644
--- a/app/cwm/util.c
+++ b/app/cwm/util.c
@@ -15,7 +15,7 @@
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  *
- * $OpenBSD: util.c,v 1.25 2020/02/27 14:56:39 okan Exp $
+ * $OpenBSD: util.c,v 1.26 2020/04/16 17:12:49 tobias Exp $
  */
 
 #include <sys/types.h>
@@ -53,7 +53,7 @@ u_exec(char *argstr)
 {
 #define MAXARGLEN 20
 	char	*args[MAXARGLEN], **ap = args;
-	char	**end = &args[MAXARGLEN - 1], *tmp;
+	char	**end = &args[MAXARGLEN - 2], *tmp;
 	char	*s = argstr;
 
 	while (ap < end && (*ap = strsep(&argstr, " \t")) != NULL) {
author	Tobias Stoeckmann <tobias@cvs.openbsd.org>	2020-04-16 17:12:50 +0000
committer	Tobias Stoeckmann <tobias@cvs.openbsd.org>	2020-04-16 17:12:50 +0000
commit	d152e7f8334f55344e0f67d80cfabc301ef6af16 (patch)
tree	4aa29f4ae80faa1792ef8e1a77de5c0893a737a9 /app/cwm/util.c
parent	14889442d4c7a62ea5d2585be8b3629d37b0e57e (diff)