--- freeradius-1.0.0/src/main/exec.c	2004-02-26 12:04:22.000000000 -0700
+++ exec-chm.c	2004-08-13 13:36:12.000000000 -0600
@@ -114,13 +114,31 @@
 	 *	buffer first, and then do the translation on every
 	 *	subsequent string.
 	 */
-	p = strtok(buf, " \t");
-	if (p) do {
-		argv[++argc] = p;
-		p = strtok(NULL, " \t");
-	} while(p != NULL);
 
-	argv[++argc] = p;
+	p = buf;
+	/* step through entire string, noting separate args by spaces or
+	 * single/double quotes */
+	while (*p) {
+		if (*p != ' ' && *p != '\t') {
+			/* Quotes: Search for matching quote; if found mark token */
+			if (*p == '\'' || *p == '\"') {
+				char qt = *p;
+				argv[++argc] = p+1;
+				while (*++p != qt && *p);
+				if (*p) {
+					*(p++) = '\x00'; /* Make closing quote string terminator */
+				}
+			} else {
+				/* Start of unquoted arg -- mark it */
+				argv[++argc] = p;
+				while (*p && (*p != '\t' && *p != ' ')) p++;
+			}
+		} else {
+			*p = 0x00; /* terminate each string on first whitespace */
+			while (*++p && (*p == '\t' || *p == ' '));
+		}
+	}
+
 	if (argc == 0) {
 		radlog(L_ERR, "Exec-Program: empty command line.");
 		return -1;