commit 70f1594284d577ebaca53e1d92026c0f9cecf27e
parent a034804a0f08538fac5dcdd1080c80b6b8686d00
Author: Jacob R. Edwards <n/a>
Date: Tue, 27 Dec 2022 08:53:44 -0800
Prevent overflow in client xargs function
In xargs, the number of arguments gathered is counted and returned.
Now, once the biggest number that counter can hold is reached, it
stops counting (but still gathers any number of arguments).
Diffstat:
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/apc/apc.c b/apc/apc.c
@@ -19,6 +19,7 @@
#include <sys/socket.h>
+#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -106,6 +107,11 @@ apc_stream(struct apc *apc, FILE *fp)
return err;
}
+/*
+ * Returns the number of arguments gathered. If negative that many
+ * were gathered before an error. If LONG_MAX is returned, it may
+ * have gathered any number of arguments.
+ */
long
xargs(struct apc *apc, FILE *fp)
{
@@ -122,7 +128,8 @@ xargs(struct apc *apc, FILE *fp)
buf[--len] = 0;
if (apc_bufword(apc, buf))
return -nargs;
- ++nargs;
+ if (nargs < LONG_MAX)
+ ++nargs;
}
free(buf);
if (ferror(stdin))
