1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
Description: Buffer overflow caused by long commands.
Allocate a sufficient amount of memory to handle
many arguments.
X-Closes: #391207, #407924
X-Comment: debdiff netkit-ftp_0.17-{16,18}.dsc
Description interpreted from #407924
Author: Steve Kemp <skx@debian.org>
Forwarded: no
Last-Update: 2008-03-26
diff -u netkit-ftp-0.17/ftp/main.c netkit-ftp-0.17/ftp/main.c
--- netkit-ftp-0.17/ftp/main.c
+++ netkit-ftp-0.17/ftp/main.c
@@ -478,10 +478,24 @@
char **
makeargv(int *pargc, char **parg)
{
- static char *rargv[20];
+ static char **rargv = NULL;
int rargc = 0;
+ int i = 0, count = 0;
char **argp;
+
+ /* Allocate enough space: err on the side of caution */
+ while ( line[i] != '\0' ) {
+ if ( line[i] == ' ' )
+ count += 1 ;
+ i+= 1;
+ }
+
+ /* allocate memory for $count-sized array of chars */
+ rargv = (char **) malloc( count * strlen(line));
+ if (rargv == NULL)
+ fatal("Out of memory");
+
INTOFF;
argbuf = obstack_alloc(&mainobstack, strlen(line) + 1);
INTON;
|
