authortobias2020-04-16 17:12:49 +0000
committerWynn Wolf Arbor2020-04-18 21:10:54 +0200
commit5e894ea6661cb7cf4e46977364f0ed30682418ba (patch)
tree3815c5225d4fc1ba55b2f81a237c08b9e80bfd9e
parent23c5b2e81239675802d7cfe1b1572d89620f7485 (diff)
downloadcwm-5e894ea6661cb7cf4e46977364f0ed30682418ba.tar.gz
Prevent out of boundary write with configuration files in which too many quoted arguments are stored for other window managers.
The quotation handling happens within the while loop without checking whether the "end" limit has already been reached. If this happens, the final NULL assignment leads to an out-of-bounds write on the stack. OK okan@
-rw-r--r--util.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/util.c b/util.c
index cb101ee..381d6ae 100644
--- a/util.c
+++ b/util.c
@@ -15,7 +15,7 @@
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
- * $OpenBSD: util.c,v 1.25 2020/02/27 14:56:39 okan Exp $
+ * $OpenBSD: util.c,v 1.26 2020/04/16 17:12:49 tobias Exp $
*/
#include <sys/types.h>
@@ -53,7 +53,7 @@ u_exec(char *argstr)
{
#define MAXARGLEN 20
char *args[MAXARGLEN], **ap = args;
- char **end = &args[MAXARGLEN - 1], *tmp;
+ char **end = &args[MAXARGLEN - 2], *tmp;
char *s = argstr;
while (ap < end && (*ap = strsep(&argstr, " \t")) != NULL) {
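Review bot: The margin in `char **end = &args[MAXARGLEN - 2]` is not explained in the code, so the invariant that keeps the final NULL store inside `args` is recorded only in the commit message. Going by that message, one pass of the `while` loop can advance `ap` twice (the `strsep()` token plus a quoted argument), and the terminator still needs a slot after that. A comment on this line such as `/* one pass may store two entries; the terminating NULL needs a slot too */` would stop a later edit from shrinking the margin back to `- 1`. The loop body lies outside this hunk, so this should be checked against the full function, but re-testing `ap < end` immediately before the quoted-argument store would be sturdier than relying on the constant if the loop ever gains another store per pass.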