From c9df6bc8d46415e270273777c80025948762e897 Mon Sep 17 00:00:00 2001
From: Peter Stephenson <p.w.stephenson@ntlworld.com>
Date: Sun, 10 Sep 2017 18:02:52 +0100
Subject: 41662: exec -a arguments weren't sanitised

---
 Src/exec.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'Src/exec.c')

diff --git a/Src/exec.c b/Src/exec.c
index 76a6bb1a4..e2432fda4 100644
--- a/Src/exec.c
+++ b/Src/exec.c
@@ -3007,6 +3007,9 @@ execcmd_exec(Estate state, Execcmd_params eparams,
 		}
 		if (exec_argv0) {
 		    char *str, *s;
+		    exec_argv0 = dupstring(exec_argv0);
+		    remnulargs(exec_argv0);
+		    untokenize(exec_argv0);
 		    size_t sz = strlen(exec_argv0);
 		    str = s = zalloc(5 + 1 + sz + 1);
 		    strcpy(s, "ARGV0=");
-- 
cgit 1.4.1