mnc: fix arbitrary execution via ../ traversal

2018-11-08 00:59:34 +01:00 · 2013-02-10 09:02:40 +01:00 · 2013-02-10 09:02:40 +01:00 · 55c20ee59b
commit 55c20ee59b
parent 34b87128de
1 changed files with 8 additions and 0 deletions
--- a/tools/munin-node-c/main.c
+++ b/tools/munin-node-c/main.c
@ -102,6 +102,14 @@ int main(int argc, char *argv[]) {
 				strcmp(cmd, "fetch") == 0
 			) {
 			char cmdline[LINE_MAX];
+			if(arg == NULL) {
+				printf("# no plugin given\n");
+				continue;
+			}
+			if(arg[0] == '.' || strchr(arg, '/')) {
+				printf("# invalid plugin character");
+				continue;
+			}
 			sprintf(cmdline, "%s/%s", plugin_dir, arg);
 			if (access(cmdline, X_OK) == -1) {
 				printf("# unknown plugin: %s\n", arg);