The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=1fa1e3f3950fc0593ab73ea075c24c9bfbe8afd6
commit 1fa1e3f3950fc0593ab73ea075c24c9bfbe8afd6 Author: Olivier Certner <[email protected]> AuthorDate: 2026-05-07 15:32:28 +0000 Commit: Olivier Certner <[email protected]> CommitDate: 2026-05-29 15:37:14 +0000 MAC/do: Do not skip blanks when parsing executable paths The kind of tolerance we apply to parsing rules, whose format we have defined, cannot be applied to paths since blank characters are allowed there. There is still the limitation that no escape character is currently supported, and so it is not possible to configure a path having a ':' character. Reviewed by: bapt Fixes: 9818224174c4 ("MAC/do: Executable paths feature (GSoC 2025's final state)") MFC after: 1 month Sponsored by: The FreeBSD Foundation Pull Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/38 --- sys/security/mac_do/mac_do.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index c30ece0a0794..9e9f57be6c3c 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -1163,7 +1163,7 @@ parse_exec_paths(const char *const string, struct exec_paths *const exec_paths, MPASS(copy[len] == '\0'); p = copy; - while ((path = strsep_noblanks(&p, ":")) != NULL) { + while ((path = strsep(&p, ":")) != NULL) { size_t path_len; if (*path == '\0')
