Diffstat (limited to 'lib/libc/unistd')
| -rw-r--r-- | lib/libc/unistd/execvp.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/lib/libc/unistd/execvp.c b/lib/libc/unistd/execvp.c
index ae8ecdb9..c678ed36 100644
--- a/lib/libc/unistd/execvp.c
+++ b/lib/libc/unistd/execvp.c
@@ -34,7 +34,12 @@ int execvp(const char *file, char *const argv[])
 return -1;
 }
- execv(buf, argv);
+ /* Validate path doesn't contain dangerous
+ * characters */
+ if (strstr(buf, "..") == NULL &&
+ strchr(buf, '\0') == buf + strlen(buf)) {
+ execv(buf, argv);
+ }
 break;
 }
@@ -45,7 +50,12 @@ int execvp(const char *file, char *const argv[])
 return -1;
 }
- execv(buf, argv);
+ /* Validate path doesn't contain dangerous characters */
+ if (strstr(buf, "..") == NULL &&
+ strchr(buf, '\0') == buf + strlen(buf)) {
+ execv(buf, argv);
+ }
+
 path = ptr + 1;
 } while (*ptr != '\0');
 errno = ENOENT;
|
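Review bot: The guard added in this hunk (and identically in the second hunk at `@@ -45,7 +50,12`) validates nothing: `strchr(buf, '\0')` always returns a pointer to the terminator, which is by definition `buf + strlen(buf)`, so that half of the condition is a tautology, while the `strstr(buf, "..") == NULL` half rejects perfectly legitimate paths that merely contain two consecutive dots (a name such as `foo..bar`, or a relative PATH element like `../bin`) by silently skipping `execv`, after which the loop falls through to `errno = ENOENT` for a file that does exist. Nothing here is a security boundary — `buf` appears to be assembled from the PATH entry and `file`, both supplied by the calling process, and `..` components are resolved by the kernel like any other — so the comment "Validate path doesn't contain dangerous characters" describes a property the code neither needs nor enforces. I would drop the block and restore `execv(buf, argv);` in both hunks; if the intent was to stop PATH searches for a name containing a slash, POSIX already requires execvp to execute such a name directly, which is a check on `file` before the loop, not on `buf` inside it. The body of execvp starts and ends outside both hunks, so I cannot see from here whether that slash check already exists.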
