server: Avoid segfault in com_sender().
author Andre Noll <maan@tuebingen.mpg.de>
Sat, 22 Aug 2015 14:21:53 +0000 (16:21 +0200)
committer Andre Noll <maan@tuebingen.mpg.de>
Sun, 30 Aug 2015 10:56:09 +0000 (12:56 +0200)

If exactly one argument is given to the sender command, and this
argument is the name of an existing sender, the sender command
segfaults due to the NULL pointer dereference. The problem is an
off-by-one bug in the check for the number of arguments.

This patch makes sure we never dereference argv[2] if it is NULL.

command.c

index 2e733c5c6151b87eff0a9ac1c16b65ab64cbf5ad..f1f00fca8a29add0e35a2e415a927bdeb75c4376 100644 (file)
--- a/command.c
+++ b/command.c
@@ -156,7 +156,7 @@ static int check_sender_args(int argc, char * const * argv, struct sender_comman
        const char *subcmds[] = {"add", "delete", "allow", "deny", "on", "off", NULL};
 
        scd->sender_num = -1;
        const char *subcmds[] = {"add", "delete", "allow", "deny", "on", "off", NULL};
 
        scd->sender_num = -1;
-       if (argc < 2)
+       if (argc < 3)
                return -E_COMMAND_SYNTAX;
        for (i = 0; senders[i].name; i++)
                if (!strcmp(senders[i].name, argv[1]))
                return -E_COMMAND_SYNTAX;
        for (i = 0; senders[i].name; i++)
                if (!strcmp(senders[i].name, argv[1]))
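
Review bot: the new bound in `if (argc < 3)` in check_sender_args() is a bare number with no indication of which argv slots it protects. A one-line comment above it stating that argv[1] is the sender name and argv[2] the subcommand would keep the check from being "corrected" back to 2 later. The check also now runs before the `senders[i].name` lookup for every one-argument call, so a single argument that names no existing sender returns -E_COMMAND_SYNTAX without reaching the loop. Confirm that this is the intended error for that case. Finally, the fix only guarantees that argv[2] is non-NULL. Several entries in `subcmds[]` ("add", "delete", "allow", "deny") look like they take a further argument, so it is worth verifying that every later access to argv[3] and beyond has its own argc check, since none is visible in this hunk.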