From: Roy Marples <roy@marples.name>
Date: Wed, 13 Aug 2014 23:31:23 +0000 (+0000)
Subject: Sanitize input via the control socket a little better.
X-Git-Tag: v6.4.4~54
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=69e879cab37dfb10b26a6dfa7183c4da444e5d86;p=thirdparty%2Fdhcpcd.git

Sanitize input via the control socket a little better.
Thanks to Tobias Stoeckmann.
---

diff --git a/control.c b/control.c
index e043ccd8..399ee121 100644
--- a/control.c
+++ b/control.c
@@ -88,18 +88,19 @@ control_handle_data(void *arg)
 		ap = argvp;
 		while (p < e) {
 			argc++;
-			if ((size_t)argc > sizeof(argvp)) {
+			if ((size_t)argc >= sizeof(argvp) / sizeof(argvp[0])) {
 				errno = ENOBUFS;
 				return;
 			}
 			a = *ap++ = p;
 			len = strlen(p);
 			p += len + 1;
-			if (a[len - 1] == '\n') {
+			if (len && a[len - 1] == '\n') {
 				a[len - 1] = '\0';
 				break;
 			}
 		}
+		*ap = NULL;
 		dhcpcd_handleargs(l->ctx, l, argc, argvp);
 	}
 }