From owner-cvs-src@FreeBSD.ORG  Sun Jul 31 10:28:36 2005
Return-Path: <owner-cvs-src@FreeBSD.ORG>
X-Original-To: cvs-src@FreeBSD.org
Delivered-To: cvs-src@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 107E916A41F;
	Sun, 31 Jul 2005 10:28:36 +0000 (GMT)
	(envelope-from netchild@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D239343D45;
	Sun, 31 Jul 2005 10:28:35 +0000 (GMT)
	(envelope-from netchild@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j6VASZ44054160;
	Sun, 31 Jul 2005 10:28:35 GMT
	(envelope-from netchild@repoman.freebsd.org)
Received: (from netchild@localhost)
	by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j6VASZJo054159;
	Sun, 31 Jul 2005 10:28:35 GMT (envelope-from netchild)
Message-Id: <200507311028.j6VASZJo054159@repoman.freebsd.org>
From: Alexander Leidinger <netchild@FreeBSD.org>
Date: Sun, 31 Jul 2005 10:28:35 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Cc: 
Subject: cvs commit: src/sys/kern kern_environment.c
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 31 Jul 2005 10:28:36 -0000

netchild    2005-07-31 10:28:35 UTC

  FreeBSD src repository

  Modified files:
    sys/kern             kern_environment.c 
  Log:
  Add bounds checking to the setenv part of the kernel environment.
  
  This has no security implications since only root is allowed to use
  kenv(1) (and corrupt the kernel memory after adding too much variables
  previous to this commit).
  
  This is based upon the PR [1] mentioned below, but extended to check both
  bounds (in case of an overflow of the counting variable) and to comply
  to the style of the function. An overflow of the counting variable
  shouldn't happen after adding the check for the upper bound, but better
  safe than sorry (in case some other function in the kernel overwrites
  random memory).
  
  An interested soul may want to add a printf to notify root in case the
  bounds are hit.
  
  Also allocate KENV_SIZE+1 entries (the array is NULL-terminated), since
  the comment for KENV_SIZE says it's the maximum number of environment
  strings. [2]
  
  PR:             83687 [1]
  Submitted by:   Harry Coin <harrycoin@qconline.com> [1]
  Submitted by:   Ariff Abdullah <skywizard@MyBSD.org.my> [2]
  
  Revision  Changes    Path
  1.40      +10 -1     src/sys/kern/kern_environment.c