author | pfg <pfg@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f> | 2020-12-19 03:07:38 +0000 |
---|---|---|
committer | pfg <pfg@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f> | 2020-12-19 03:07:38 +0000 |
commit | 8c8c1188077a7065ffd196e7685e62da79f8b62a (patch) | |
tree | 4a0c23f96cc3eb549a295c665d1e851d1bc0f4b1 | |
parent | a41d6d2573347748298ebeded5938fd23a9e7ffa (diff) | |
login(1): when exporting variables check the result of setenv(3)
When exporting a variable we correctly check all the preconditions that
could make setenv(3) fail. Checking the setenv(3) return value seems
redundant, but given that login(1) is critical, it doesn't hurt to have
a post-check.
This change is based on the "Principles of Secure Coding" course by
Matthew Bishop, PhD., which specifically discusses this code in FreeBSD.
(This change redoes r368776 due to a silly mistake)
git-svn-id: http://svn.freebsd.org/base/head@368778 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
-rw-r--r-- | usr.bin/login/login.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c
index e99ee5efc2e..510712a1549 100644
--- a/usr.bin/login/login.c
+++ b/usr.bin/login/login.c
@@ -793,6 +793,7 @@ export(const char *s)
 char *p;
 const char **pp;
 size_t n;
+ int rv;
 if (strlen(s) > 1024 || (p = strchr(s, '=')) == NULL)
 return (0);
@@ -804,8 +805,10 @@ export(const char *s)
 return (0);
 }
 *p = '\0';
- (void)setenv(s, p + 1, 1);
+ rv = setenv(s, p + 1, 1);
 *p = '=';
+ if (rv == -1)
+ return (0);
 return (1);
 }
|
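Review bot: The new `if (rv == -1) return (0);` path in the second hunk reports a setenv(3) failure with the same value export() already returns when it refuses a string (no `=`, too long, or the earlier `return (0)` in the context lines), and nothing is logged, so a caller cannot tell a policy rejection from an allocation failure. The callers and the start of export() are outside these hunks, so it is worth confirming that they treat 0 as "variable was not set" and not as a harmless skip; a diagnostic at the failure point would at least leave a trace when login continues without the variable. Restoring `*p = '='` before testing `rv` is the correct order, since `s` is declared `const char *` yet is modified in place, and a comment such as `/* restore '=' before returning so the caller's string is left intact */` would keep a later edit from moving the check above the restore. Testing `rv != 0` instead of `rv == -1` would also be slightly more defensive.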