>From 4aad53ba2fd443da8d9bcae9816bf719438095a5 Mon Sep 17 00:00:00 2001
From: Peter Kasza <address@hidden>
Date: Fri, 23 Jun 2017 21:14:32 +0200
Subject: [PATCH 1/3] check arg count in makeargv to fix buffer overflow

---
 telnet/commands.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/telnet/commands.c b/telnet/commands.c
index cd0c75a..57e33c2 100644
--- a/telnet/commands.c
+++ b/telnet/commands.c
@@ -113,6 +113,8 @@
 # include <netinet/ip.h>
 #endif
 
+#define TELNET_MAX_ARGS 20
+
 char *hostname = 0;
 
 extern char *getenv (const char *);
@@ -135,7 +137,7 @@ typedef struct
 static char line[256];
 static char saveline[256];
 static int margc;
-static char *margv[20];
+static char *margv[TELNET_MAX_ARGS];
 
 static void
 makeargv (void)
@@ -152,7 +154,7 @@ makeargv (void)
       margc++;
       cp++;
     }
-  while ((c = *cp))
+  while ((c = *cp) && (margc < TELNET_MAX_ARGS - 1))
     {
       register int inquote = 0;
       while (isspace (c))
-- 
2.13.1