mnc: fix arbitrary execution via ../ traversal

munin-monitoring · Feb 10, 2013 · 55c20ee · 55c20ee
1 parent 34b8712
commit 55c20ee
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/tools/munin-node-c/main.c b/tools/munin-node-c/main.c
@@ -102,6 +102,14 @@ int main(int argc, char *argv[]) {
 				strcmp(cmd, "fetch") == 0
 			) {
 			char cmdline[LINE_MAX];
+			if(arg == NULL) {
+				printf("# no plugin given\n");
+				continue;
+			}
+			if(arg[0] == '.' || strchr(arg, '/')) {
+				printf("# invalid plugin character");
+				continue;
+			}
 			sprintf(cmdline, "%s/%s", plugin_dir, arg);
 			if (access(cmdline, X_OK) == -1) {
 				printf("# unknown plugin: %s\n", arg);