Security: Add additional checks against the parameters in fll_execute_program().

author Kevin Day <kevin@kevux.org>

Tue, 8 Aug 2023 01:19:00 +0000 (20:19 -0500)

committer Kevin Day <kevin@kevux.org>

Tue, 8 Aug 2023 01:19:00 +0000 (20:19 -0500)
author Kevin Day <kevin@kevux.org>
Tue, 8 Aug 2023 01:19:00 +0000 (20:19 -0500)
committer Kevin Day <kevin@kevux.org>
Tue, 8 Aug 2023 01:19:00 +0000 (20:19 -0500)
diff --git a/level_2/fll_execute/c/execute.c b/level_2/fll_execute/c/execute.c

index 36050ee3419ac9dac1361671a355745217b03b5a..b202acb1f5c34fb98bfca63cb5cabd79687c467f 100644 (file)
--- a/level_2/fll_execute/c/execute.c
+++ b/level_2/fll_execute/c/execute.c
@@ -278,13 +278,25 @@ extern "C" {
      f_string_t fixed_arguments[arguments.used + 2];
      f_string_static_t program_name = f_string_static_t_initialize;
  
-    const f_string_t last_slash = (f_string_t) strrchr((program.used ? program.string : arguments.array[0].string), (char) f_path_separator_s.string[0]);
+    const f_string_t last_slash = (f_string_t) strrchr(
+      (program.used
+        ? program.string
+        : arguments.used && arguments.array[0].used
+          ? arguments.array[0].string
+          : 0
+      ),
+      (char) f_path_separator_s.string[0]
+    );
  
      if (last_slash) {
        program_name.used = strnlen((last_slash + 1), F_path_length_max_d);
      }
      else {
-      program_name.used = program.used ? program.used : arguments.array[0].used;
+      program_name.used = program.used
+        ? program.used
+        : arguments.used && arguments.array[0].used
+          ? arguments.array[0].used
+          : 0;
      }
  
      f_char_t program_name_string[program_name.used + 1];
author	Kevin Day <kevin@kevux.org>
	Tue, 8 Aug 2023 01:19:00 +0000 (20:19 -0500)
committer	Kevin Day <kevin@kevux.org>
	Tue, 8 Aug 2023 01:19:00 +0000 (20:19 -0500)