Overflow when parsing config lines with many arguments
It is possible to overflow tokens with a configuration that contains many arguments in one line.
At first, the upper limit is specified as sizeof(tokens), which is wrong. It has to be DEFAULT_MAX_CONF_TOKEN or sizeof(tokens) / sizeof(tokens[0]). The former is shorter, therefor I took that one.
The next issue is in utils_tokenize_ignore_comments, which verifies that enough space is available only with the ' ' separator. Later in the code, '\t' is also allowed as a separator, which means that more arguments could show up than previously taken into account during size checks.
This is an unlikely case, so the check will be done while parsing. When the limit is reached, previously allocated memory is released again and error value is returned.
Trac:
Username: junglefowl