Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 2 Oct 2012 17:44:08 +0000 (UTC)
From:      "Andrey A. Chernov" <ache@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r241137 - head/lib/libc/stdlib
Message-ID:  <201210021744.q92Hi8dt077996@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: ache
Date: Tue Oct  2 17:44:08 2012
New Revision: 241137
URL: http://svn.freebsd.org/changeset/base/241137

Log:
  Using putenv() and later direct pointer contents modification it is possibe
  to craft environment variables with similar names like that:
  a=1
  a=2
  ...
  unsetenv("a") should remove them all to make later getenv("a") impossible.
  Fix it to do so (this is GNU autoconf test #3 failure too).
  
  PR:             172273
  MFC after:      1 week

Modified:
  head/lib/libc/stdlib/getenv.c

Modified: head/lib/libc/stdlib/getenv.c
==============================================================================
--- head/lib/libc/stdlib/getenv.c	Tue Oct  2 17:05:20 2012	(r241136)
+++ head/lib/libc/stdlib/getenv.c	Tue Oct  2 17:44:08 2012	(r241137)
@@ -675,11 +675,13 @@ unsetenv(const char *name)
 
 	/* Deactivate specified variable. */
 	envNdx = envVarsTotal - 1;
-	if (__findenv(name, nameLen, &envNdx, true) != NULL) {
+	/* Remove all occurrences. */
+	while (__findenv(name, nameLen, &envNdx, true) != NULL) {
 		envVars[envNdx].active = false;
 		if (envVars[envNdx].putenv)
 			__remove_putenv(envNdx);
 		__rebuild_environ(envActive - 1);
+		envNdx = envVarsTotal - 1;
 	}
 
 	return (0);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201210021744.q92Hi8dt077996>