From b6d889cdcf08db3ca15bd602ace6f5eb4066db07 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Mart=C3=AD?= <mvdan@mvdan.cc>
Date: Sat, 14 Dec 2019 22:27:10 +0000
Subject: [PATCH] start rejecting unknown non-tool commands

---
 main.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/main.go b/main.go
index 8ee4510..65f1146 100644
--- a/main.go
+++ b/main.go
@@ -107,14 +107,14 @@ func main1() int {
 
 func mainErr(args []string) error {
 	// If we recognise an argument, we're not running within -toolexec.
-	switch args[0] {
+	switch cmd := args[0]; cmd {
 	case "build":
 		execPath, err := os.Executable()
 		if err != nil {
 			return err
 		}
 		goArgs := []string{
-			"build",
+			cmd,
 			"-a",
 			"-trimpath",
 			"-toolexec=" + execPath,
@@ -126,6 +126,11 @@ func mainErr(args []string) error {
 		cmd.Stderr = os.Stderr
 		return cmd.Run()
 	}
+	if !filepath.IsAbs(args[0]) {
+		// -toolexec gives us an absolute path to the tool binary to
+		// run, so this is most likely misuse of garble by a user.
+		return fmt.Errorf("unknown command: %q", args[0])
+	}
 
 	_, tool := filepath.Split(args[0])
 	if runtime.GOOS == "windows" {