diff options
| author | Pedro F. Giffuni <pfg@FreeBSD.org> | 2020-12-19 03:07:38 +0000 |
|---|---|---|
| committer | Pedro F. Giffuni <pfg@FreeBSD.org> | 2020-12-19 03:07:38 +0000 |
| commit | dcc6f62526ad357f17fe030f6b9b4c3001add705 (patch) | |
| tree | 4a0c23f96cc3eb549a295c665d1e851d1bc0f4b1 | |
| parent | a0bed901984022e6e0fdfc017c70e31302de878e (diff) | |
| download | src-test2-dcc6f62526ad357f17fe030f6b9b4c3001add705.tar.gz src-test2-dcc6f62526ad357f17fe030f6b9b4c3001add705.zip | |
login(1): when exporting variables check the result of setenv(3)
When exporting a variable we correctly check all the preconditions that
could make setenv(3) fail. Checking the setenv(3) return value seems
redundant, but given that login(1) is critical, it doesn't hurt to have
a post-check.
This change is based on the "Principles of Secure Coding" course by
Matthew Bishop, PhD., which specifically discusses this code in FreeBSD.
(This change redoes r368776 due to a silly mistake)
Notes
Notes:
svn path=/head/; revision=368778
| -rw-r--r-- | usr.bin/login/login.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c index e99ee5efc2eb..510712a15491 100644 --- a/usr.bin/login/login.c +++ b/usr.bin/login/login.c @@ -793,6 +793,7 @@ export(const char *s) char *p; const char **pp; size_t n; + int rv; if (strlen(s) > 1024 || (p = strchr(s, '=')) == NULL) return (0); @@ -804,8 +805,10 @@ export(const char *s) return (0); } *p = '\0'; - (void)setenv(s, p + 1, 1); + rv = setenv(s, p + 1, 1); *p = '='; + if (rv == -1) + return (0); return (1); } |