diff options
| author | Kacper <kacper@mail.openlinux.dev> | 2025-12-09 19:20:15 +0100 |
|---|---|---|
| committer | Kacper <kacper@mail.openlinux.dev> | 2025-12-09 19:20:15 +0100 |
| commit | 885f5974cdf65b59415837ae97f5a14ef1350670 (patch) | |
| tree | 66ac13de29c7f4932c5fcae11773df574e4e256a /lib/libc/unistd | |
| parent | 8f9e448b2ef6db7cd905540c21f3c5b190e7a1e7 (diff) | |
feat: add gzip and new headers
Diffstat (limited to 'lib/libc/unistd')
| -rw-r--r-- | lib/libc/unistd/execvp.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/lib/libc/unistd/execvp.c b/lib/libc/unistd/execvp.c index ae8ecdb9..c678ed36 100644 --- a/lib/libc/unistd/execvp.c +++ b/lib/libc/unistd/execvp.c @@ -34,7 +34,12 @@ int execvp(const char *file, char *const argv[]) return -1; } - execv(buf, argv); + /* Validate path doesn't contain dangerous + * characters */ + if (strstr(buf, "..") == NULL && + strchr(buf, '\0') == buf + strlen(buf)) { + execv(buf, argv); + } break; } @@ -45,7 +50,12 @@ int execvp(const char *file, char *const argv[]) return -1; } - execv(buf, argv); + /* Validate path doesn't contain dangerous characters */ + if (strstr(buf, "..") == NULL && + strchr(buf, '\0') == buf + strlen(buf)) { + execv(buf, argv); + } + path = ptr + 1; } while (*ptr != '\0'); errno = ENOENT; |