From 6729a2cdbe64499c2f4879cba04fefae8ab02405 Mon Sep 17 00:00:00 2001 From: Kevin Day Date: Mon, 7 Aug 2023 20:21:06 -0500 Subject: [PATCH] Security: Add additional checks against the parameters in fll_execute_program(). --- level_2/fll_execute/c/execute.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/level_2/fll_execute/c/execute.c b/level_2/fll_execute/c/execute.c index 192e3b4..d77ebde 100644 --- a/level_2/fll_execute/c/execute.c +++ b/level_2/fll_execute/c/execute.c @@ -278,13 +278,25 @@ extern "C" { f_string_t fixed_arguments[arguments.used + 2]; f_string_static_t program_name = f_string_static_t_initialize; - const f_string_t last_slash = (f_string_t) strrchr((program.used ? program.string : arguments.array[0].string), (char) f_path_separator_s.string[0]); + const f_string_t last_slash = (f_string_t) strrchr( + (program.used + ? program.string + : arguments.used && arguments.array[0].used + ? arguments.array[0].string + : 0 + ), + (char) f_path_separator_s.string[0] + ); if (last_slash) { program_name.used = strnlen((last_slash + 1), F_path_length_max_d); } else { - program_name.used = program.used ? program.used : arguments.array[0].used; + program_name.used = program.used + ? program.used + : arguments.used && arguments.array[0].used + ? arguments.array[0].used + : 0; } f_char_t program_name_string[program_name.used + 1]; -- 1.8.3.1