X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?a=blobdiff_plain;f=client.c;h=bee10a1a3a5857d95b5a2491b46bf1c31939fab5;hb=9f56f874416db295bdb50d448bd99cdd34db969d;hp=9d12491be10c38eefc8bff5f22cd72fc3f90e833;hpb=b613cadfdf189af1f4ee0b5bdc12cedda052c672;p=userv.git

diff --git a/client.c b/client.c
index 9d12491..bee10a1 100644
--- a/client.c
+++ b/client.c
@@ -264,6 +264,7 @@ static void xfwrite(const void *p, size_t sz, FILE *file) {
 static void xfwritestring(const char *s, FILE *file) {
   int l;
   l= strlen(s);
+  assert(l<=MAX_GENERAL_STRING);
   xfwrite(&l,sizeof(l),file);
   xfwrite(s,sizeof(*s)*l,file);
 }
@@ -419,7 +420,12 @@ static void of_fdwait(const struct optioninfo *oip, const char *value, char *key
 static void of_defvar(const struct optioninfo *oip, const char *value, char *key) {
   int i;
 
+  if (strlen(key)>MAX_GENERAL_STRING)
+    usageerror("variable name `%s' is far too long",key);
+  if (strlen(value)>MAX_GENERAL_STRING)
+    usageerror("variable `%s' has value `%s' which is far too long",key,value);
   for (i=0; i<defvarsused && strcmp(defvarsarray[i][0],key); i++);
+  if (defvarsused >= MAX_ARGSDEFVARS) usageerror("far too many --defvar or -D options");
   if (i>=defvarsavail) {
     defvarsavail+=10; defvarsavail<<=1;
     defvarsarray= xrealloc(defvarsarray,sizeof(const char*)*2*defvarsavail);
@@ -761,7 +767,9 @@ int main(int argc, char *const *argv) {
 
   argc-= (argpp-argv);
   argv= argpp;
-
+  if (argc > MAX_ARGSDEFVARS) usageerror("far too many arguments");
+  if (ngids > MAX_GIDS) miscerror("caller is in far too many gids");
+  
   pw= getpwnam(serviceuser);
   if (!pw) miscerror("requested service user `%s' is not a user",serviceuser);
   serviceuid= pw->pw_uid;
@@ -972,6 +980,7 @@ int main(int argc, char *const *argv) {
     if (fdsetup[fd].catpid==-1) syscallerror("fork for cat for fd %d",fd);
     if (!fdsetup[fd].catpid) {
       snprintf(catnamebuf,sizeof(catnamebuf),"cat fd%d",fd);
+      catnamebuf[sizeof(catnamebuf)-1]= 0;
       sig.sa_handler= SIG_DFL;
       sigemptyset(&sig.sa_mask);
       sig.sa_flags= 0;
@@ -980,11 +989,10 @@ int main(int argc, char *const *argv) {
 		catnamebuf,strerror(errno));
 	exit(-1);
       }
-      catnamebuf[sizeof(catnamebuf)-1]= 0;
       reading= fdsetup[fd].mods & fdm_read;
       catdup(catnamebuf, fdsetup[fd].copyfd, reading ? 0 : 1);
       catdup(catnamebuf, fdsetup[fd].pipefd, reading ? 1 : 0);
-      execlp("cat",catnamebuf,(char*)0);
+      execl("/bin/cat",catnamebuf,(char*)0);
       fprintf(stderr,"userv: %s: cannot exec `cat': %s\n",catnamebuf,strerror(errno));
       exit(-1);
     }