[PATCH] rsh.c unterminated string
authorH. Peter Anvin <hpa@zytor.com>
Fri, 23 Sep 2005 23:30:50 +0000 (16:30 -0700)
committerJunio C Hamano <junkio@cox.net>
Sat, 24 Sep 2005 01:07:42 +0000 (18:07 -0700)
The change I made to rsh.c would leave the string unterminated under
certain conditions, which unfortunately always applied! This patch
fixes this. For some reason this never bit on i386 or ppc, but bit me
on x86-64.

Fix situation where the buffer was not properly null-terminated.

Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Junio C Hamano <junkio@cox.net>
rsh.c
diff --git a/rsh.c b/rsh.c
index 1c636861ddec037854240d6d3f5fa517d605bc2f..bad5cff2c287d3c7dd288308428b89e0cb12299d 100644 (file)
--- a/rsh.c
+++ b/rsh.c
@@ -53,6 +53,7 @@ static int add_to_string(char **ptrp, int *sizep, const char *str, int quote)
        char *p = *ptrp;
        int size = *sizep;
        int oc;
+       int err = 0;
 
        if ( quote ) {
                oc = shell_quote(p, size, str);
@@ -62,15 +63,14 @@ static int add_to_string(char **ptrp, int *sizep, const char *str, int quote)
        }
 
        if ( oc >= size ) {
-               p[size-1] = '\0';
-               *ptrp += size-1;
-               *sizep = 1;
-               return 1;       /* Overflow, string unusable */
+               err = 1;
+               oc = size-1;
        }
 
        *ptrp  += oc;
+       **ptrp  = '\0';
        *sizep -= oc;
-       return 0;
+       return err;
 }
 
 int setup_connection(int *fd_in, int *fd_out, const char *remote_prog,
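Review bot: The clamp `oc = size-1` in the overflow branch assumes `size >= 1`. If `*sizep` is ever 0 or negative on entry, `oc` goes negative, `*ptrp += oc` steps back before the current position, and the new `**ptrp = '\0';` writes outside the remaining space. A guard ahead of the copy, such as `if (size <= 0) return 1;`, would close that case; the non-quote branch and the callers sit outside this hunk, so whether it is reachable cannot be confirmed from here. Because the truncated string is now NUL-terminated and looks usable, the removed remark is worth keeping beside `err = 1;`, for example `/* Overflow: string truncated, caller must not use it */`. A cut-off shell-quoted argument should never be passed on as a command.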