mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
9 lines
357 B
C
9 lines
357 B
C
/* Unsafe: tainted env-string passed straight as the XPath expression to
|
|
* xmlXPathEvalExpression. XPATH_INJECTION fires on the expression arg. */
|
|
#include <libxml/xpath.h>
|
|
#include <stdlib.h>
|
|
|
|
xmlXPathObjectPtr do_lookup(xmlXPathContextPtr ctx) {
|
|
char *user_expr = getenv("USER_EXPR");
|
|
return xmlXPathEvalExpression((xmlChar *)user_expr, ctx);
|
|
}
|