From: David Levine
Date: Mon, 11 Mar 2013 23:57:01 +0000 (-0500)
Subject: Added check that writesomecmd() isn't at the end of argp before
X-Git-Url: https://diplodocus.org/git/nmh/commitdiff_plain/e3c346c0fd80d1c88bc9e6902dcc4674c82d41b9?ds=inline;hp=-c
Added check that writesomecmd() isn't at the end of argp before dereferencing ++argp. I'm surprised that no one, including me, tripped over this before: whatnow(1) would seg fault when handling, e.g., detach -n 4. But until I upgraded to Fedora 18, I never noticed it. (valgrind did.)
---
e3c346c0fd80d1c88bc9e6902dcc4674c82d41b9
diff --git a/uip/whatnowsbr.c b/uip/whatnowsbr.c
index 0beba2b1..a084bafc 100644
--- a/uip/whatnowsbr.c
+++ b/uip/whatnowsbr.c
@@ -552,10 +552,10 @@ writesomecmd(char *buf, int bufsz, char *cmd, char *trailcmd, char **argp)
 int trailln = strlen(trailcmd) + 4;
 if (ln < 0 || ln + trailln > bufsz)
 adios((char *)0, "arguments too long");
-
+
 cp = buf + ln;
-
- while (*++argp != (char *)0) {
+
+ while (*argp && *++argp) {
 ln = strlen(*argp);
 /* +1 for leading space */
 if (ln + trailln + 1 > bufsz - (cp-buf))
@@ -618,7 +618,7 @@ popen_in_dir(const char *dir, const char *cmd, const char *type) /* ensure that $SHELL exists, as the cmd was written relying on a non-blank $SHELL... */ setenv("SHELL","/bin/sh",0); /* don't overwrite */ - + if (getcwd(olddir, sizeof(olddir)) == 0) adios("getcwd", "could not get working directory"); if (chdir(dir) != 0)
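Review bot: The new condition `while (*argp && *++argp)` in the first hunk is the only thing that keeps writesomecmd() from reading past the NULL terminator of the argument vector, and nothing in the code says so. A comment above it such as `/* argp may already be at the terminating NULL; never pre-increment past it */` would stop a later cleanup from restoring the old form. The `*argp` half only matters on entry, since on every later pass that pointer was just tested by `*++argp`, so `if (*argp) while (*++argp) {` would state the intent more plainly. The function begins before this hunk, so I cannot see whether the earlier code that fills `buf` also reads `*argp` when it is NULL; that is worth checking, because the text assembled here appears to become part of a command line. The commit message says only valgrind caught the overread, so a regression test that runs the no-trailing-argument case under valgrind or a sanitizer would be a useful addition.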