X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fscript.c;h=2f2c30bf51a87f22739c8a9a78ff921273943753;hb=67e09d80143c4dcad182730a7b73a3d1183e67da;hp=b380931f2ea09c91b843eca9c3fd485ad0a8a3ba;hpb=cfc9fee931c70554353ce6c4acc3407baac08745;p=tinc

diff --git a/src/script.c b/src/script.c
index b380931f..2f2c30bf 100644
--- a/src/script.c
+++ b/src/script.c
@@ -26,6 +26,7 @@
 #include "names.h"
 #include "script.h"
 #include "xalloc.h"
+#include "sandbox.h"
 
 #ifdef HAVE_PUTENV
 static void unputenv(const char *p) {
@@ -37,7 +38,7 @@ static void unputenv(const char *p) {
 
 	ptrdiff_t len = e - p;
 #ifndef HAVE_UNSETENV
-#ifdef HAVE_MINGW
+#ifdef HAVE_WINDOWS
 	// Windows requires putenv("FOO=") to unset %FOO%
 	len++;
 #endif
@@ -134,13 +135,17 @@ void environment_init(environment_t *env) {
 
 void environment_exit(environment_t *env) {
 	for(int i = 0; i < env->n; i++) {
-		free(env->entries[i]);
+		free_string(env->entries[i]);
 	}
 
 	free(env->entries);
 }
 
 bool execute_script(const char *name, environment_t *env) {
+	if(!sandbox_can(START_PROCESSES, RIGHT_NOW)) {
+		return false;
+	}
+
 	char scriptname[PATH_MAX];
 	char *command;
 
@@ -148,7 +153,7 @@ bool execute_script(const char *name, environment_t *env) {
 
 	/* First check if there is a script */
 
-#ifdef HAVE_MINGW
+#ifdef HAVE_WINDOWS
 
 	if(!*scriptextension) {
 		const char *pathext = getenv("PATHEXT");