[Midnightbsd-cvs] src [8201] trunk/lib/libc/stdlib/getenv.c: Using putenv() and later direct pointer contents modification it is possibe
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Sat Sep 17 11:47:42 EDT 2016
Revision: 8201
http://svnweb.midnightbsd.org/src/?rev=8201
Author: laffer1
Date: 2016-09-17 11:47:42 -0400 (Sat, 17 Sep 2016)
Log Message:
-----------
Using putenv() and later direct pointer contents modification it is possibe
to craft environment variables with similar names like that:
a=1
a=2
...
unsetenv("a") should remove them all to make later getenv("a") impossible.
Fix it to do so (this is GNU autoconf test #3 failure too).
Obtained from: FreeBSD
Modified Paths:
--------------
trunk/lib/libc/stdlib/getenv.c
Modified: trunk/lib/libc/stdlib/getenv.c
===================================================================
--- trunk/lib/libc/stdlib/getenv.c 2016-09-17 15:46:36 UTC (rev 8200)
+++ trunk/lib/libc/stdlib/getenv.c 2016-09-17 15:47:42 UTC (rev 8201)
@@ -663,6 +663,7 @@
{
int envNdx;
size_t nameLen;
+ int newEnvActive;
/* Check for malformed name. */
if (name == NULL || (nameLen = __strleneq(name)) == 0) {
@@ -675,13 +676,18 @@
return (-1);
/* Deactivate specified variable. */
+ /* Remove all occurrences. */
envNdx = envVarsTotal - 1;
- if (__findenv(name, nameLen, &envNdx, true) != NULL) {
+ newEnvActive = envActive;
+ while (__findenv(name, nameLen, &envNdx, true) != NULL) {
envVars[envNdx].active = false;
if (envVars[envNdx].putenv)
__remove_putenv(envNdx);
- __rebuild_environ(envActive - 1);
+ envNdx--;
+ newEnvActive--;
}
+ if (newEnvActive != envActive)
+ __rebuild_environ(newEnvActive);
return (0);
}
More information about the Midnightbsd-cvs
mailing list