login(1): when exporting variables check the result of setenv(3)

When exporting a variable we correctly check all the preconditions that could make setenv(3) fail. Checking the setenv(3) return value seems redundant, but given that login(1) is critical, it doesn't hurt to have a post-check. This change is based on the "Principles of Secure Coding" course by Matthew Bishop, PhD., which specifically discusses this code in FreeBSD. Differential Revision: https://reviews.freebsd.org/D26966 git-svn-id: http://svn.freebsd.org/base/head@368776 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
author: pfg <pfg@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f> 2020-12-19 02:23:53 +0000
committer: pfg <pfg@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f> 2020-12-19 02:23:53 +0000
commit: 295cee3d5532fe4c4229af251e32cbbb0e34599e (patch)
tree: 923072d0fa39a423e0f63b8079ccc8092dfe9d02
parent: 9f62ace902dbc0e58bc4e1f9f81e843ee670c4ff (diff)
download: freebsd-295cee3d5532fe4c4229af251e32cbbb0e34599e.tar.gz
freebsd-295cee3d5532fe4c4229af251e32cbbb0e34599e.tar.bz2
1 files changed, 4 insertions, 1 deletions
diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c
index e99ee5efc2e..380e813f4b0 100644
--- a/usr.bin/login/login.c
+++ b/usr.bin/login/login.c
@@ -793,6 +793,7 @@ export(const char *s)
 	char *p;
 	const char **pp;
 	size_t n;
+	int rv;
 
 	if (strlen(s) > 1024 || (p = strchr(s, '=')) == NULL)
 		return (0);
@@ -804,8 +805,10 @@ export(const char *s)
 			return (0);
 	}
 	*p = '\0';
-	(void)setenv(s, p + 1, 1);
+	rv = setenv(s, p + 1, 1);
 	*p = '=';
+	if (rv == 1)
+		return (0);
 	return (1);
 }
author	pfg <pfg@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>	2020-12-19 02:23:53 +0000
committer	pfg <pfg@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>	2020-12-19 02:23:53 +0000
commit	295cee3d5532fe4c4229af251e32cbbb0e34599e (patch)
tree	923072d0fa39a423e0f63b8079ccc8092dfe9d02
parent	9f62ace902dbc0e58bc4e1f9f81e843ee670c4ff (diff)
download	freebsd-295cee3d5532fe4c4229af251e32cbbb0e34599e.tar.gz freebsd-295cee3d5532fe4c4229af251e32cbbb0e34599e.tar.bz2