wordsplit: use endstr when checking for quoted chars

This is more correct since we may be passed a sub-string.
It is not a security issue since we are always working
with a NUL-terminated C string.

Reported by Reaxx.

Author: millert

plugins/sudoers/editor.c

@@ -73,7 +73,7 @@ wordsplit(const char *str, const char *endstr, const char **last)
 
     /* Scan str until we encounter white space. */
     for (cp = str; cp < endstr; cp++) {
-	if (cp[0] == '\\' && cp[1] != '\0') {
+	if (*cp == '\\' && cp + 1 < endstr) {
 	    /* quoted char, do not interpret */
 	    cp++;
 	    continue;