summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorpfg <pfg@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>2020-12-19 03:07:38 +0000
committerpfg <pfg@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>2020-12-19 03:07:38 +0000
commit8c8c1188077a7065ffd196e7685e62da79f8b62a (patch)
tree4a0c23f96cc3eb549a295c665d1e851d1bc0f4b1
parenta41d6d2573347748298ebeded5938fd23a9e7ffa (diff)
downloadfreebsd-8c8c1188077a7065ffd196e7685e62da79f8b62a.tar.gz
freebsd-8c8c1188077a7065ffd196e7685e62da79f8b62a.tar.bz2
login(1): when exporting variables check the result of setenv(3)
When exporting a variable we correctly check all the preconditions that could make setenv(3) fail. Checking the setenv(3) return value seems redundant, but given that login(1) is critical, it doesn't hurt to have a post-check. This change is based on the "Principles of Secure Coding" course by Matthew Bishop, PhD., which specifically discusses this code in FreeBSD. (This change redoes r368776 due to a silly mistake) git-svn-id: http://svn.freebsd.org/base/head@368778 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
-rw-r--r--usr.bin/login/login.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c
index e99ee5efc2e..510712a1549 100644
--- a/usr.bin/login/login.c
+++ b/usr.bin/login/login.c
@@ -793,6 +793,7 @@ export(const char *s)
char *p;
const char **pp;
size_t n;
+ int rv;
if (strlen(s) > 1024 || (p = strchr(s, '=')) == NULL)
return (0);
@@ -804,8 +805,10 @@ export(const char *s)
return (0);
}
*p = '\0';
- (void)setenv(s, p + 1, 1);
+ rv = setenv(s, p + 1, 1);
*p = '=';
+ if (rv == -1)
+ return (0);
return (1);
}