static void xfwritestring(const char *s, FILE *file) {
int l;
l= strlen(s);
+ assert(l<=MAX_GENERAL_STRING);
xfwrite(&l,sizeof(l),file);
xfwrite(s,sizeof(*s)*l,file);
}
static void of_defvar(const struct optioninfo *oip, const char *value, char *key) {
int i;
+ if (strlen(key)>MAX_GENERAL_STRING)
+ usageerror("variable name `%s' is far too long",key);
+ if (strlen(value)>MAX_GENERAL_STRING)
+ usageerror("variable `%s' has value `%s' which is far too long",key,value);
for (i=0; i<defvarsused && strcmp(defvarsarray[i][0],key); i++);
+ if (defvarsused >= MAX_ARGSDEFVARS) usageerror("far too many --defvar or -D options");
if (i>=defvarsavail) {
defvarsavail+=10; defvarsavail<<=1;
defvarsarray= xrealloc(defvarsarray,sizeof(const char*)*2*defvarsavail);
argc-= (argpp-argv);
argv= argpp;
-
+ if (argc > MAX_ARGSDEFVARS) usageerror("far too many arguments");
+ if (ngids > MAX_GIDS) miscerror("caller is in far too many gids");
+
pw= getpwnam(serviceuser);
if (!pw) miscerror("requested service user `%s' is not a user",serviceuser);
serviceuid= pw->pw_uid;
if (fdsetup[fd].catpid==-1) syscallerror("fork for cat for fd %d",fd);
if (!fdsetup[fd].catpid) {
snprintf(catnamebuf,sizeof(catnamebuf),"cat fd%d",fd);
+ catnamebuf[sizeof(catnamebuf)-1]= 0;
sig.sa_handler= SIG_DFL;
sigemptyset(&sig.sa_mask);
sig.sa_flags= 0;
catnamebuf,strerror(errno));
exit(-1);
}
- catnamebuf[sizeof(catnamebuf)-1]= 0;
reading= fdsetup[fd].mods & fdm_read;
catdup(catnamebuf, fdsetup[fd].copyfd, reading ? 0 : 1);
catdup(catnamebuf, fdsetup[fd].pipefd, reading ? 1 : 0);
- execlp("cat",catnamebuf,(char*)0);
+ execl("/bin/cat",catnamebuf,(char*)0);
fprintf(stderr,"userv: %s: cannot exec `cat': %s\n",catnamebuf,strerror(errno));
exit(-1);
}