circlecloud/tmux
1
0
Fork 0
mirror of https://github.com/tmux/tmux.git synced 2025-09-01 12:37:02 +00:00
Code Issues Projects Releases Wiki Activity

Do not double free argv from MSG_COMMAND if it is too long, reported by

Browse Source 
sai02 at student dot ubc dot ca via deraadt. ok deraadt
This commit is contained in:
nicm
2025-08-22 07:26:25 +00:00
parent 1370791734
commit 12452f4427
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
server-client.c
View File

@ -3446,7 +3446,7 @@ server_client_dispatch_command(struct client *c, struct imsg *imsg)
struct msg_command data;
char *buf;
size_t len;
int argc;
int argc = 0;
char **argv, *cause;
struct cmd_parse_result *pr;
struct args_value *values;
@ -3465,12 +3465,12 @@ server_client_dispatch_command(struct client *c, struct imsg *imsg)
if (len > 0 && buf[len - 1] != '\0')
fatalx("bad MSG_COMMAND string");
argc = data.argc;
if (cmd_unpack_argv(buf, len, argc, &argv) != 0) {
if (cmd_unpack_argv(buf, len, data.argc, &argv) != 0) {
cause = xstrdup("command too long");
goto error;
}
argc = data.argc;
if (argc == 0) {
cmdlist = cmd_list_copy(options_get_command(global_options,
"default-client-command"), 0, NULL);