bug-inetutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug-inetutils] [PATCH] Do not read beyond end of argv in ftp/main.c


From: Omer Anson
Subject: [bug-inetutils] [PATCH] Do not read beyond end of argv in ftp/main.c
Date: Wed, 21 Jun 2017 21:51:18 +0300

Currently, ftp/main.c populates xargv from argv, reading the next three
items regardless of whether they are defined or not (i.e. regardless of
the value of argc as long as it is positive). This may cause undefined
behaviour.

This change takes argc into account when populating xargv from argv.
---
 ftp/main.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/ftp/main.c b/ftp/main.c
index 4ccb079..33c5510 100644
--- a/ftp/main.c
+++ b/ftp/main.c
@@ -285,17 +285,17 @@ main (int argc, char *argv[])
     }
   if (argc > 0)
     {
-      char *xargv[5];
+      char *xargv[5] = {0};
+      int cnt = 0;
 
       if (setjmp (toplevel))
        exit (EXIT_SUCCESS);
       signal (SIGINT, intr);
       signal (SIGPIPE, lostpeer);
       xargv[0] = program_invocation_name;
-      xargv[1] = argv[0];
-      xargv[2] = argv[1];
-      xargv[3] = argv[2];
-      xargv[4] = NULL;
+      for (cnt = 0; cnt < argc && cnt < 3; cnt++) {
+             xargv[cnt+1] = argv[cnt];
+      }
       setpeer (argc + 1, xargv);
     }
   top = setjmp (toplevel) == 0;
-- 
2.4.11




reply via email to

[Prev in Thread] Current Thread [Next in Thread]