From ab1e847d1c1394c7ca72af4c30e1e62fafd6710c Mon Sep 17 00:00:00 2001
From: spsf <swoshswosh@proton.me>
Date: Tue, 24 Feb 2026 00:48:20 -0600
Subject: [PATCH] Fix exploit with trailing whitespace

---
 Src/Hyperion-kernel/boot/kernel.lua                 | 13 ++++++++++---
 .../lib/modules/hyperion/10_vfs.kmod                |  9 +++++++--
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/Src/Hyperion-kernel/boot/kernel.lua b/Src/Hyperion-kernel/boot/kernel.lua
index 4136dca..326b527 100644
--- a/Src/Hyperion-kernel/boot/kernel.lua
+++ b/Src/Hyperion-kernel/boot/kernel.lua
@@ -184,9 +184,16 @@ end
 
 kernel.log("Gathering modules")
 for _, i in ipairs(ifs.list("/lib/modules")) do
-    for _,v in ipairs(ifs.list("/lib/modules/"..i)) do
-        local prior=tonumber(v:sub(1,2))
-        modules[prior+1][#modules[prior+1]+1]="/lib/modules/"..i.."/"..v
+    local modlist = ifs.list("/lib/modules/"..i)
+    if not modlist then
+        kernel.log("WARNING: could not list /lib/modules/"..i.." (skipping)", "WARN", 8)
+    else
+        for _,v in ipairs(modlist) do
+            local prior=tonumber(v:sub(1,2))
+            if prior then
+                modules[prior+1][#modules[prior+1]+1]="/lib/modules/"..i.."/"..v
+            end
+        end
     end
 end
 
diff --git a/Src/Hyperion-kernel/lib/modules/hyperion/10_vfs.kmod b/Src/Hyperion-kernel/lib/modules/hyperion/10_vfs.kmod
index 60d90ba..51f3301 100644
--- a/Src/Hyperion-kernel/lib/modules/hyperion/10_vfs.kmod
+++ b/Src/Hyperion-kernel/lib/modules/hyperion/10_vfs.kmod
@@ -111,7 +111,7 @@ local function makeMetafile(meta)
     return out
 end
 
-local SAFE_COMPONENT_PATTERN = "^[A-Za-z0-9_.+%-%@ %(%)%[%] ]+$"
+local SAFE_COMPONENT_PATTERN = "^[A-Za-z0-9_.+%-%@%(%)%[%]]+$"
 
 local function normalizePath(path)
     local task = kernel.currentTask
@@ -135,6 +135,8 @@ local function normalizePath(path)
             i = len + 1
         end
 
+        comp = comp:match("^%s*(.-)%s*$")
+
         if comp == "" or comp == "." then
         elseif comp == ".." then
             if #stack > 0 then
@@ -145,6 +147,9 @@ local function normalizePath(path)
             if not comp:match(SAFE_COMPONENT_PATTERN) then
                 error("EINVAL: illegal characters in path component: " .. comp, 2)
             end
+            if comp == ".meta" then
+                error("EINVAL: reserved path component: " .. comp, 2)
+            end
             table.insert(stack, comp)
         end
     end
@@ -192,7 +197,7 @@ end
 vfs._parseMetafile = parseMetafile
 
 local function readMetaEntry(disk, parentDiskPath, filename)
-    if filename == ".meta" then error("Cannot open metafile") end
+    if filename == ".meta" then error("EACCES: Cannot open metafile") end
     local mp
     if parentDiskPath == "/" then
         mp = ".meta"