diff options
Diffstat (limited to 'src/os/exec/exec.go')
| -rw-r--r-- | src/os/exec/exec.go | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/os/exec/exec.go b/src/os/exec/exec.go index da9f68fe28..a5e2dec24b 100644 --- a/src/os/exec/exec.go +++ b/src/os/exec/exec.go @@ -1310,3 +1310,13 @@ func addCriticalEnv(env []string) []string { // Code should use errors.Is(err, ErrDot), not err == ErrDot, // to test whether a returned error err is due to this condition. var ErrDot = errors.New("cannot run executable found relative to current directory") + +// validateLookPath excludes paths that can't be valid +// executable names. See issue #74466 and CVE-2025-47906. +func validateLookPath(s string) error { + switch s { + case "", ".", "..": + return ErrNotFound + } + return nil +} |