- dtucker@cvs.openbsd.org 2012/09/18 10:36:12

[sftp.c] Add bounds check on sftp tab-completion. Part of a patch from from Jean-Marc Robert via tech@, ok djm
author: Darren Tucker <dtucker@zip.com.au> 2012-10-05 02:43:58 +0200
committer: Darren Tucker <dtucker@zip.com.au> 2012-10-05 02:43:58 +0200
commit: 063018d9f6f7beb1408213fc27c720534e7c987e (patch)
tree: 67a9089586a92d0aa8678ad08e490b92fcb74e0e /sftp.c
parent: - markus@cvs.openbsd.org 2012/09/17 13:04:11 (diff)
download: openssh-063018d9f6f7beb1408213fc27c720534e7c987e.tar.xz
openssh-063018d9f6f7beb1408213fc27c720534e7c987e.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/sftp.c b/sftp.c
index 217b63a2d..3c7bc64e1 100644
--- a/sftp.c
+++ b/sftp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.137 2012/09/17 09:54:44 djm Exp $ */
+/* $OpenBSD: sftp.c,v 1.138 2012/09/18 10:36:12 dtucker Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
@@ -991,6 +991,10 @@ makeargv(const char *arg, int *argcp, int sloppy, char *lastquote,
 	state = MA_START;
 	i = j = 0;
 	for (;;) {
+		if (argc >= sizeof(argv) / sizeof(*argv)){
+			error("Too many arguments.");
+			return NULL;
+		}
 		if (isspace(arg[i])) {
 			if (state == MA_UNQUOTED) {
 				/* Terminate current argument */
author	Darren Tucker <dtucker@zip.com.au>	2012-10-05 02:43:58 +0200
committer	Darren Tucker <dtucker@zip.com.au>	2012-10-05 02:43:58 +0200
commit	063018d9f6f7beb1408213fc27c720534e7c987e (patch)
tree	67a9089586a92d0aa8678ad08e490b92fcb74e0e /sftp.c
parent	- markus@cvs.openbsd.org 2012/09/17 13:04:11 (diff)
download	openssh-063018d9f6f7beb1408213fc27c720534e7c987e.tar.xz openssh-063018d9f6f7beb1408213fc27c720534e7c987e.zip