Date: Sun, 7 Oct 2012 14:26:57 +0100
From: "Simon L. B. Nielsen" <simon@FreeBSD.org>
To: Andrey A. Chernov <ache@FreeBSD.org>
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject: Re: svn commit: r241137 - head/lib/libc/stdlib
Message-ID: <FA478B4F-9FE3-4928-A3C8-BC14417C5603@FreeBSD.org>
In-Reply-To: <201210021744.q92Hi8dt077996@svn.freebsd.org>
References: <201210021744.q92Hi8dt077996@svn.freebsd.org>

On 2 Oct 2012, at 18:44, Andrey A. Chernov <ache@FreeBSD.org> wrote:

> Author: ache
> Date: Tue Oct 2 17:44:08 2012
> New Revision: 241137
> URL: http://svn.freebsd.org/changeset/base/241137
>
> Log:
>   Using putenv() and later direct pointer contents modification it is possible
>   to craft environment variables with similar names like that:
>   a=1
>   a=2
>   ...
>   unsetenv("a") should remove them all to make later getenv("a") impossible.
>   Fix it to do so (this is GNU autoconf test #3 failure too).
>
>   PR: 172273
>   MFC after: 1 week
>
> Modified:
>   head/lib/libc/stdlib/getenv.c

Reviewed by ?

This needs to be reviewed by someone with clue about the pitfalls of environment manipulation before any MFC.

PS. env functions are mentioned in MAINTAINERS.

-- 
Simon L. B. Nielsen
FreeBSD Security Officer
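
The duplicate-name case from the quoted commit log, as an added example that is not part of this message and is not the code in getenv.c: it works on a private, constructed array rather than the process environment, and the names `env_lookup`, `env_remove` and `leftover_after_unset` are hypothetical. It shows that removing only the first match leaves a second `a=` entry that a later lookup still returns.

```c
#include <stdio.h>
#include <string.h>

/* Return the value of the first "name=value" entry in env, or NULL. */
static const char *env_lookup(char **env, const char *name)
{
    size_t n = strlen(name);
    for (; *env != NULL; env++)
        if (strncmp(*env, name, n) == 0 && (*env)[n] == '=')
            return *env + n + 1;
    return NULL;
}

/* Remove matching entries by compacting the array in place.
 * all == 0: stop after the first match (leaves duplicates behind).
 * all != 0: remove every match. Returns the number of entries removed. */
static int env_remove(char **env, const char *name, int all)
{
    size_t n = strlen(name);
    char **dst = env;
    int removed = 0;
    for (char **src = env; *src != NULL; src++) {
        int match = strncmp(*src, name, n) == 0 && (*src)[n] == '=';
        if (match && (all || removed == 0)) {
            removed++;
            continue;
        }
        *dst++ = *src;
    }
    *dst = NULL;
    return removed;
}

/* Constructed sample: two entries named "a", as in the commit log. */
static const char *leftover_after_unset(int all)
{
    static char e1[] = "a=1", e2[] = "PATH=/bin", e3[] = "a=2";
    char *env[] = { e1, e2, e3, NULL };
    env_remove(env, "a", all);
    return env_lookup(env, "a");
}

int main(void)
{
    const char *v = leftover_after_unset(0);
    printf("first-match removal: a=%s\n", v ? v : "(unset)");
    v = leftover_after_unset(1);
    printf("remove-all:          a=%s\n", v ? v : "(unset)");
    return 0;
}
```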