vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-04 06:40:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): block env depth-overflow approval bypass

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-25 00:13:33 +00:00
parent 1970a1e9e5
commit 57c9a18180
4 changed files with 137 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/infra/exec-wrapper-resolution.ts
View File

@@ -478,6 +478,17 @@ export function resolveDispatchWrapperExecutionPlan(
}
current = unwrap.argv;
}
if (wrappers.length >= maxDepth) {
const overflow = unwrapKnownDispatchWrapperInvocation(current);
if (overflow.kind === "blocked" || overflow.kind === "unwrapped") {
return {
argv: current,
wrappers,
policyBlocked: true,
blockedWrapper: overflow.wrapper,
};
}
}
return { argv: current, wrappers, policyBlocked: false };
}