From 1b4d572b777b508db33d819288dd4ea188e65aa8 Mon Sep 17 00:00:00 2001
From: KO Myung-Hun <komh@chollian.net>
Date: Thu, 22 Dec 2016 12:59:04 +0900
Subject: [PATCH] exec: prevent a command in a current dirctory from being
 executed

A command in a current directory should be executed only if $PATH
contains the directory such as '.'.

This will improve the compatibility with Unix shell script and the
security.

    modified:   exec.c
---
 exec.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/exec.c b/exec.c
index e674d87..0c9ca77 100644
--- a/exec.c
+++ b/exec.c
@@ -1332,6 +1332,15 @@ search_path(const char *name, const char *lpath,
 		sp = p;
 		XcheckN(xs, xp, namelen);
 		memcpy(xp, name, namelen);
+#ifdef __OS2__
+		/*
+		 * Skip path without a directory part to prevent from searching the
+		 * current directory. For example, PATH=;...;;...;
+		 */
+		if (!mksh_vdirsep(Xstring(xs, xp)))
+		/* nothing */;
+		else
+#endif
 		if ((ev = search_access(Xstring(xs, xp), mode)) == 0) {
 			name = Xclose(xs, xp + namelen);
 			goto search_path_ok;