From 5e894ea6661cb7cf4e46977364f0ed30682418ba Mon Sep 17 00:00:00 2001 From: tobias Date: Thu, 16 Apr 2020 17:12:49 +0000 Subject: Prevent out of boundary write with configuration files in which too many quoted arguments are stored for other window managers. The quotation handling happens within the while loop without checking if the "end" limit has been already reached. If this happens, the final NULL assignment leads to an out of boundary write on stack. OK okan@ --- util.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'util.c') diff --git a/util.c b/util.c index cb101ee..381d6ae 100644 --- a/util.c +++ b/util.c @@ -15,7 +15,7 @@ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * - * $OpenBSD: util.c,v 1.25 2020/02/27 14:56:39 okan Exp $ + * $OpenBSD: util.c,v 1.26 2020/04/16 17:12:49 tobias Exp $ */ #include @@ -53,7 +53,7 @@ u_exec(char *argstr) { #define MAXARGLEN 20 char *args[MAXARGLEN], **ap = args; - char **end = &args[MAXARGLEN - 1], *tmp; + char **end = &args[MAXARGLEN - 2], *tmp; char *s = argstr; while (ap < end && (*ap = strsep(&argstr, " \t")) != NULL) { -- cgit v1.2.3-2-gb3c3