From 885f5974cdf65b59415837ae97f5a14ef1350670 Mon Sep 17 00:00:00 2001
From: Kacper <kacper@mail.openlinux.dev>
Date: Tue, 9 Dec 2025 19:20:15 +0100
Subject: feat: add gzip and new headers

---
 lib/libc/unistd/execvp.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'lib/libc/unistd/execvp.c')

diff --git a/lib/libc/unistd/execvp.c b/lib/libc/unistd/execvp.c
index ae8ecdb9..c678ed36 100644
--- a/lib/libc/unistd/execvp.c
+++ b/lib/libc/unistd/execvp.c
@@ -34,7 +34,12 @@ int execvp(const char *file, char *const argv[])
 					return -1;
 				}
 
-				execv(buf, argv);
+				/* Validate path doesn't contain dangerous
+				 * characters */
+				if (strstr(buf, "..") == NULL &&
+				    strchr(buf, '\0') == buf + strlen(buf)) {
+					execv(buf, argv);
+				}
 				break;
 			}
 
@@ -45,7 +50,12 @@ int execvp(const char *file, char *const argv[])
 				return -1;
 			}
 
-			execv(buf, argv);
+			/* Validate path doesn't contain dangerous characters */
+			if (strstr(buf, "..") == NULL &&
+			    strchr(buf, '\0') == buf + strlen(buf)) {
+				execv(buf, argv);
+			}
+			path = ptr + 1;
 		} while (*ptr != '\0');
 
 		errno = ENOENT;
-- 
cgit v1.2.3