From 55c20ee59b48e6b840bca467b547c97753019007 Mon Sep 17 00:00:00 2001
From: Helmut Grohne <helmut@subdivi.de>
Date: Sun, 10 Feb 2013 09:02:40 +0100
Subject: [PATCH] mnc: fix arbitrary execution via ../ traversal

---
 tools/munin-node-c/main.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/tools/munin-node-c/main.c b/tools/munin-node-c/main.c
index 4299f04a..5ae77285 100644
--- a/tools/munin-node-c/main.c
+++ b/tools/munin-node-c/main.c
@@ -102,6 +102,14 @@ int main(int argc, char *argv[]) {
 				strcmp(cmd, "fetch") == 0
 			) {
 			char cmdline[LINE_MAX];
+			if(arg == NULL) {
+				printf("# no plugin given\n");
+				continue;
+			}
+			if(arg[0] == '.' || strchr(arg, '/')) {
+				printf("# invalid plugin character");
+				continue;
+			}
 			sprintf(cmdline, "%s/%s", plugin_dir, arg);
 			if (access(cmdline, X_OK) == -1) {
 				printf("# unknown plugin: %s\n", arg);