fix (apparently unexploitable) stack clobber in serdo (found by Nikola Vladov, many thanks) - minit - A small yet feature-complete init (http://fefe.de/minit/)

commit b906f715cc15b43d54bd8d9e284be85cb6757bd8
parent 841bc65a7f56c069ee71045e0e2259a3775d2e3a
Author: leitner <leitner>
Date:   Thu, 29 Nov 2007 23:44:01 +0000

  fix (apparently unexploitable) stack clobber in serdo
    (found by Nikola Vladov, many thanks)

Diffstat:
M CHANGES  | 2 ++
M serdo.c  | 5 +++--

2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/CHANGES b/CHANGES
@@ -2,6 +2,8 @@
   when serdo is run without arguments, and a file called "script"
     exists in the current working directory, executes that (to save a
     few inodes for the "params" files
+  fix (apparently unexploitable) stack clobber in serdo
+    (found by Nikola Vladov, many thanks)
 
 0.10:
   add sample script for /etc/minit/ctrlaltdel/run as
diff --git a/serdo.c b/serdo.c
@@ -58,9 +58,10 @@ int spawn(char** argv, int last) {
 
 int run(char* s,int last) {
   int i,spaces;
-  char** argv,**next;;
+  char** argv,**next;
   for (i=spaces=0; s[i]; ++i) if (s[i]==' ') ++spaces;
-  next=argv=alloca((spaces+1)*sizeof(char*));
+  next=argv=alloca((spaces+2)*sizeof(char*));
+
   while (*s) {
     while (*s && isspace(*s)) ++s;
     if (*s=='"') {

	minit A small yet feature-complete init (http://fefe.de/minit/)
	Log \| Files \| Refs \| README \| LICENSE