exec: prevent a command in a current dirctory from being executed

A command in a current directory should be executed only if $PATH contains the directory such as '.'. This will improve the compatibility with Unix shell script and the security. modified: exec.c
2016-12-22 12:59:04 +09:00 · 2016-12-22 12:59:04 +09:00 · 1b4d572b77
commit 1b4d572b77
parent eb43e28996
1 changed files with 9 additions and 0 deletions
--- a/exec.c
+++ b/exec.c
@ -1332,6 +1332,15 @@ search_path(const char *name, const char *lpath,
 		sp = p;
 		XcheckN(xs, xp, namelen);
 		memcpy(xp, name, namelen);
+#ifdef __OS2__
+		/*
+		 * Skip path without a directory part to prevent from searching the
+		 * current directory. For example, PATH=;...;;...;
+		 */
+		if (!mksh_vdirsep(Xstring(xs, xp)))
+		/* nothing */;
+		else
+#endif
 		if ((ev = search_access(Xstring(xs, xp), mode)) == 0) {
 			name = Xclose(xs, xp + namelen);
 			goto search_path_ok;