commit b906f715cc15b43d54bd8d9e284be85cb6757bd8
parent 841bc65a7f56c069ee71045e0e2259a3775d2e3a
Author: leitner <leitner>
Date: Thu, 29 Nov 2007 23:44:01 +0000
fix (apparently unexploitable) stack clobber in serdo
(found by Nikola Vladov, many thanks)
Diffstat:
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/CHANGES b/CHANGES
@@ -2,6 +2,8 @@
when serdo is run without arguments, and a file called "script"
exists in the current working directory, executes that (to save a
few inodes for the "params" files
+ fix (apparently unexploitable) stack clobber in serdo
+ (found by Nikola Vladov, many thanks)
0.10:
add sample script for /etc/minit/ctrlaltdel/run as
diff --git a/serdo.c b/serdo.c
@@ -58,9 +58,10 @@ int spawn(char** argv, int last) {
int run(char* s,int last) {
int i,spaces;
- char** argv,**next;;
+ char** argv,**next;
for (i=spaces=0; s[i]; ++i) if (s[i]==' ') ++spaces;
- next=argv=alloca((spaces+1)*sizeof(char*));
+ next=argv=alloca((spaces+2)*sizeof(char*));
+
while (*s) {
while (*s && isspace(*s)) ++s;
if (*s=='"') {
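Review bot: The sizing loop still counts only `' '`, while the loop that fills `argv` skips separators with `isspace(*s)` and has a separate branch for `"`, so the `spaces+2` bound may still be too small if tokens can also be delimited by tabs or by quotes. Whether that can happen depends on how tokens are terminated in the rest of `run`, which continues outside this hunk, so it needs checking there. Counting every character that could end a token would make the bound hold either way: `for (i=spaces=0; s[i]; ++i) if (isspace((unsigned char)s[i]) || s[i]=='"') ++spaces;`. The `alloca` size also comes straight from the input line with no upper limit, and `alloca` cannot report failure, so a cap on the argument count or a heap allocation with a checked return would be safer.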