From f9632d5c434b9ce0e163eaf60bbe1f3c4d589991 Mon Sep 17 00:00:00 2001
From: John Preston <johnprestonmail@gmail.com>
Date: Tue, 9 Oct 2018 12:13:41 +0300
Subject: [PATCH] Fix possible buffer overflow in Linux Updater.

Fixes #5227.
---
 Telegram/SourceFiles/_other/updater_linux.cpp | 58 +++++++++----------
 1 file changed, 28 insertions(+), 30 deletions(-)

diff --git a/Telegram/SourceFiles/_other/updater_linux.cpp b/Telegram/SourceFiles/_other/updater_linux.cpp
index 869e937b8..abee1c2b7 100644
--- a/Telegram/SourceFiles/_other/updater_linux.cpp
+++ b/Telegram/SourceFiles/_other/updater_linux.cpp
@@ -14,6 +14,7 @@ https://github.com/telegramdesktop/tdesktop/blob/master/LEGAL
 #include <pwd.h>
 #include <string>
 #include <deque>
+#include <vector>
 #include <cstring>
 #include <cerrno>
 #include <algorithm>
@@ -23,6 +24,7 @@ https://github.com/telegramdesktop/tdesktop/blob/master/LEGAL
 
 using std::string;
 using std::deque;
+using std::vector;
 using std::cout;
 
 bool do_mkdir(const char *path) { // from http://stackoverflow.com/questions/675039/how-can-i-create-directory-tree-in-c-linux
@@ -439,43 +441,39 @@ int main(int argc, char *argv[]) {
 		writeLog("Error: short exe name!");
 	}
 
-	static const int MaxLen = 65536, MaxArgsCount = 128;
+	auto fullBinaryPath = exePath + exeName;
+	const auto path = fullBinaryPath.c_str();
 
-	char path[MaxLen] = {0};
-	string fullBinaryPath = exePath + exeName;
-	strcpy(path, fullBinaryPath.c_str());
-
-	char *args[MaxArgsCount] = { 0 };
-	char p_noupdate[] = "-noupdate";
-	char p_autostart[] = "-autostart";
-	char p_debug[] = "-debug";
-	char p_tosettings[] = "-tosettings";
-	char p_key[] = "-key";
-	char p_startintray[] = "-startintray";
-	char p_testmode[] = "-testmode";
-	char p_externalupdater[] = "-externalupdater";
-	char p_workdir[] = "-workdir";
-	int argIndex = 0;
-	args[argIndex++] = path;
-	args[argIndex++] = p_noupdate;
-	if (autostart) args[argIndex++] = p_autostart;
-	if (debug) args[argIndex++] = p_debug;
-	if (startintray) args[argIndex++] = p_startintray;
-	if (testmode) args[argIndex++] = p_testmode;
-	if (externalupdater) args[argIndex++] = p_externalupdater;
-	if (tosettings) args[argIndex++] = p_tosettings;
+	auto args = vector<const char*>();
+	const auto push = [&](const char *arg) {
+		args.push_back(arg);
+	};
+	push(path);
+	push("-noupdate");
+	if (autostart) push("-autostart");
+	if (debug) push("-debug");
+	if (startintray) push("-startintray");
+	if (testmode) push("-testmode");
+	if (externalupdater) push("-externalupdater");
+	if (tosettings) push("-tosettings");
 	if (key) {
-		args[argIndex++] = p_key;
-		args[argIndex++] = key;
+		push("-key");
+		push(key);
 	}
 	if (customWorkingDir && workdir) {
-		args[argIndex++] = p_workdir;
-		args[argIndex++] = workdir;
+		push("-workdir");
+		push(workdir);
 	}
+
+	push(nullptr);
 	pid_t pid = fork();
 	switch (pid) {
-	case -1: writeLog("fork() failed!"); return 1;
-	case 0: execv(path, args); return 1;
+	case -1:
+		writeLog("fork() failed!");
+		return 1;
+	case 0:
+		execv(path, args.data());
+		return 1;
 	}
 
 	writeLog("Executed Telegram, closing log and quitting..");