diff options
author | Pedro F. Giffuni <pfg@FreeBSD.org> | 2020-12-19 02:23:53 +0000 |
---|---|---|
committer | Pedro F. Giffuni <pfg@FreeBSD.org> | 2020-12-19 02:23:53 +0000 |
commit | ebb4fcc7cf3045dcd3b7ff6eb6877fb4ec4a9e05 (patch) | |
tree | 923072d0fa39a423e0f63b8079ccc8092dfe9d02 | |
parent | 15575436693e953816a18acd4d9c0bf35d8ca39c (diff) | |
download | src-test2-ebb4fcc7cf3045dcd3b7ff6eb6877fb4ec4a9e05.tar.gz src-test2-ebb4fcc7cf3045dcd3b7ff6eb6877fb4ec4a9e05.zip |
login(1): when exporting variables check the result of setenv(3)
When exporting a variable we correctly check all the preconditions that
could make setenv(3) fail. Checking the setenv(3) return value seems
redundant, but given that login(1) is critical, it doesn't hurt to have
a post-check.
This change is based on the "Principles of Secure Coding" course by
Matthew Bishop, PhD., which specifically discusses this code in FreeBSD.
Differential Revision: https://reviews.freebsd.org/D26966
Notes
Notes:
svn path=/head/; revision=368776
-rw-r--r-- | usr.bin/login/login.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c index e99ee5efc2eb..380e813f4b0a 100644 --- a/usr.bin/login/login.c +++ b/usr.bin/login/login.c @@ -793,6 +793,7 @@ export(const char *s) char *p; const char **pp; size_t n; + int rv; if (strlen(s) > 1024 || (p = strchr(s, '=')) == NULL) return (0); @@ -804,8 +805,10 @@ export(const char *s) return (0); } *p = '\0'; - (void)setenv(s, p + 1, 1); + rv = setenv(s, p + 1, 1); *p = '='; + if (rv == 1) + return (0); return (1); } |