Fix BSS buffer overflow in makeargv().

author: tjr <tjr@FreeBSD.org> 2003-10-12 00:27:55 +0000
committer: tjr <tjr@FreeBSD.org> 2003-10-12 00:27:55 +0000
commit: fef194d740bdc3a139dcc3c56e8cfd55261dc308 (patch)
tree: f2a1012b46d0b24f3dc9ce1ca7a9cb77fa547675 /usr.bin/tftp
parent: cb8b38ab31d6cbfc6a32d921a5b1caacb253eae7 (diff)
download: FreeBSD-src-fef194d740bdc3a139dcc3c56e8cfd55261dc308.zip
FreeBSD-src-fef194d740bdc3a139dcc3c56e8cfd55261dc308.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/usr.bin/tftp/main.c b/usr.bin/tftp/main.c
index d4fc7c8..08a7f13 100644
--- a/usr.bin/tftp/main.c
+++ b/usr.bin/tftp/main.c
@@ -85,7 +85,8 @@ int	connected;
 char	mode[32];
 char	line[MAXLINE];
 int	margc;
-char	*margv[20];
+#define	MAX_MARGV	20
+char	*margv[MAX_MARGV];
 jmp_buf	toplevel;
 volatile int txrx_error;
 
@@ -719,7 +720,7 @@ makeargv()
 	margc = 0;
 	if ((cp = strchr(line, '\n')))
 		*cp = '\0';
-	for (cp = line; *cp;) {
+	for (cp = line; margc < MAX_MARGV - 1 && *cp;) {
 		while (isspace(*cp))
 			cp++;
 		if (*cp == '\0')
author	tjr <tjr@FreeBSD.org>	2003-10-12 00:27:55 +0000
committer	tjr <tjr@FreeBSD.org>	2003-10-12 00:27:55 +0000
commit	fef194d740bdc3a139dcc3c56e8cfd55261dc308 (patch)
tree	f2a1012b46d0b24f3dc9ce1ca7a9cb77fa547675 /usr.bin/tftp
parent	cb8b38ab31d6cbfc6a32d921a5b1caacb253eae7 (diff)
download	FreeBSD-src-fef194d740bdc3a139dcc3c56e8cfd55261dc308.zip FreeBSD-src-fef194d740bdc3a139dcc3c56e8cfd55261dc308.tar.gz