X-Git-Url: http://tinc-vpn.org/git/browse?a=blobdiff_plain;ds=sidebyside;f=src%2Fscript.c;h=2f2c30bf51a87f22739c8a9a78ff921273943753;hb=4436af55e55e79b496264fe114039fbc1198d71f;hp=cb3d29345e9bb49b18c1de4a045710e396036076;hpb=28b7a53b693f6b4e70218a926e68a36ece54cda1;p=tinc

diff --git a/src/script.c b/src/script.c
index cb3d2934..2f2c30bf 100644
--- a/src/script.c
+++ b/src/script.c
@@ -26,6 +26,7 @@
 #include "names.h"
 #include "script.h"
 #include "xalloc.h"
+#include "sandbox.h"
 
 #ifdef HAVE_PUTENV
 static void unputenv(const char *p) {
@@ -37,12 +38,12 @@ static void unputenv(const char *p) {
 
 	ptrdiff_t len = e - p;
 #ifndef HAVE_UNSETENV
-#ifdef HAVE_MINGW
+#ifdef HAVE_WINDOWS
 	// Windows requires putenv("FOO=") to unset %FOO%
 	len++;
 #endif
 #endif
-	char var[len + 1];
+	char *var = alloca(len + 1);
 	strncpy(var, p, len);
 	var[len] = 0;
 #ifdef HAVE_UNSETENV
@@ -134,13 +135,17 @@ void environment_init(environment_t *env) {
 
 void environment_exit(environment_t *env) {
 	for(int i = 0; i < env->n; i++) {
-		free(env->entries[i]);
+		free_string(env->entries[i]);
 	}
 
 	free(env->entries);
 }
 
 bool execute_script(const char *name, environment_t *env) {
+	if(!sandbox_can(START_PROCESSES, RIGHT_NOW)) {
+		return false;
+	}
+
 	char scriptname[PATH_MAX];
 	char *command;
 
@@ -148,7 +153,7 @@ bool execute_script(const char *name, environment_t *env) {
 
 	/* First check if there is a script */
 
-#ifdef HAVE_MINGW
+#ifdef HAVE_WINDOWS
 
 	if(!*scriptextension) {
 		const char *pathext = getenv("PATHEXT");
@@ -159,9 +164,11 @@ bool execute_script(const char *name, environment_t *env) {
 
 		size_t pathlen = strlen(pathext);
 		size_t scriptlen = strlen(scriptname);
-		char fullname[scriptlen + pathlen + 1];
+
+		const size_t fullnamelen = scriptlen + pathlen + 1;
+		char *fullname = alloca(fullnamelen);
 		char *ext = fullname + scriptlen;
-		strncpy(fullname, scriptname, sizeof(fullname));
+		strncpy(fullname, scriptname, fullnamelen);
 
 		const char *p = pathext;
 		bool found = false;