aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xcli/icevault3
1 files changed, 2 insertions, 1 deletions
diff --git a/cli/icevault b/cli/icevault
index 43b8e50..93a4768 100755
--- a/cli/icevault
+++ b/cli/icevault
@@ -162,7 +162,8 @@ sub connect($) {
}
closedir $dh;
error "No Firefox profile found under C<%s>", $ffdir unless defined $profile;
- $sockname = "$ffdir/$profile/$sockname";
+ "$ffdir/$profile" =~ /\A(\p{Print}+)\z/ or error "Insecure C<%s>", "$ffdir/$profile"; # untaint $ffdir/$profile
+ $sockname = "$1/$sockname";
myprintf \*STDERR, "Using socket C<%s>", $sockname if $CONFIG{debug};
}