>From 4aad53ba2fd443da8d9bcae9816bf719438095a5 Mon Sep 17 00:00:00 2001
From: Peter Kasza
Date: Fri, 23 Jun 2017 21:14:32 +0200
Subject: [PATCH 1/3] check arg count in makeargv to fix buffer overflow
---
telnet/commands.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/telnet/commands.c b/telnet/commands.c
index cd0c75a..57e33c2 100644
--- a/telnet/commands.c
+++ b/telnet/commands.c
@@ -113,6 +113,8 @@
# include
#endif
+#define TELNET_MAX_ARGS 20
+
char *hostname = 0;
extern char *getenv (const char *);
@@ -135,7 +137,7 @@ typedef struct
static char line[256];
static char saveline[256];
static int margc;
-static char *margv[20];
+static char *margv[TELNET_MAX_ARGS];
static void
makeargv (void)
@@ -152,7 +154,7 @@ makeargv (void)
margc++;
cp++;
}
- while ((c = *cp))
+ while ((c = *cp) && (margc < TELNET_MAX_ARGS - 1))
{
register int inquote = 0;
while (isspace (c))
--
2.13.1