From 41c4479dc5496e6f9beb8ec68f8fd79fd2f3041c Mon Sep 17 00:00:00 2001
From: Boris Faure <billiob@gmail.com>
Date: Sat, 24 Dec 2016 18:39:42 +0100
Subject: [PATCH] termpty: verify that $SHELL is valid before using it.
 CID1366816

---
 src/bin/termpty.c | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/src/bin/termpty.c b/src/bin/termpty.c
index 338bf6ce..99a53e49 100644
--- a/src/bin/termpty.c
+++ b/src/bin/termpty.c
@@ -375,6 +375,38 @@ _termpty_resize_tabs(Termpty *ty, int new_w)
       }
 }
 
+static Eina_Bool
+_is_shell_valid(const char *cmd)
+{
+    struct stat st;
+
+   if (!cmd)
+     return EINA_FALSE;
+   if (cmd[0] == '\0')
+     return EINA_FALSE;
+   if (cmd[0] != '/')
+     {
+        ERR("shell command '%s' is not an absolute path", cmd);
+        return EINA_FALSE;
+     }
+   if (stat(cmd, &st) != 0)
+     {
+        ERR("shell command '%s' can not be stat(): %s", cmd, strerror(errno));
+        return EINA_FALSE;
+     }
+   if ((st.st_mode & S_IFMT) != S_IFREG)
+     {
+        ERR("shell command '%s' is not a regular file", cmd);
+        return EINA_FALSE;
+     }
+   if ((st.st_mode & S_IXOTH) == 0)
+     {
+        ERR("shell command '%s' is not executable", cmd);
+        return EINA_FALSE;
+     }
+   return EINA_TRUE;
+}
+
 Termpty *
 termpty_new(const char *cmd, Eina_Bool login_shell, const char *cd,
             int w, int h, int backscroll, Eina_Bool xterm_256color,
@@ -435,6 +467,8 @@ termpty_new(const char *cmd, Eina_Bool login_shell, const char *cd,
    if (needs_shell)
      {
         shell = getenv("SHELL");
+        if (!_is_shell_valid(shell))
+          shell = NULL;
         if (!shell)
           {
              uid_t uid = getuid();