From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stephen Hemminger Subject: [PATCH] utils: fix makeargs stack overflow Date: Mon, 18 Dec 2017 11:15:46 -0800 Message-ID: <20171218191546.29122-1-stephen@networkplumber.org> Cc: Stephen Hemminger To: netdev@vger.kernel.org Return-path: Received: from mail-pf0-f193.google.com ([209.85.192.193]:36978 "EHLO mail-pf0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S934935AbdLRTPu (ORCPT ); Mon, 18 Dec 2017 14:15:50 -0500 Received: by mail-pf0-f193.google.com with SMTP id n6so10077961pfa.4 for ; Mon, 18 Dec 2017 11:15:50 -0800 (PST) Sender: netdev-owner@vger.kernel.org List-ID: The makeargs() function did not handle end of string correctly and would reference past end of string. Signed-off-by: Stephen Hemminger --- lib/utils.c | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/lib/utils.c b/lib/utils.c index 7ced8c061cb0..df1f3b1238c0 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -1206,10 +1206,16 @@ ssize_t getcmdline(char **linep, size_t *lenp, FILE *in) int makeargs(char *line, char *argv[], int maxargs) { static const char ws[] = " \t\r\n"; - char *cp; + char *cp = line; int argc = 0; - for (cp = line + strspn(line, ws); *cp; cp += strspn(cp, ws)) { + while (*cp) { + /* skip leading whitespace */ + cp += strspn(cp, ws); + + if (*cp == '\0') + break; + if (argc >= (maxargs - 1)) { fprintf(stderr, "Too many arguments to command\n"); exit(1); @@ -1226,13 +1232,16 @@ int makeargs(char *line, char *argv[], int maxargs) fprintf(stderr, "Unterminated quoted string\n"); exit(1); } - *cp++ = 0; - continue; + } else { + argv[argc++] = cp; + + /* find end of word */ + cp += strcspn(cp, ws); + if (*cp == '\0') + break; } - argv[argc++] = cp; - /* find end of word */ - cp += strcspn(cp, ws); + /* seperate words */ *cp++ = 0; } argv[argc] = NULL; -- 2.11.0