Date:      Wed, 25 Apr 2001 18:27:16 -0400 (EDT)
From:      "Andrew R. Reiter" <arr@watson.org>
To:        freebsd-audit@FreeBSD.org
Subject:   audit work:  libc's setenv() and putenv()
Message-ID:  <Pine.NEB.3.96L.1010425182146.42833A-200000@fledge.watson.org>


[-- Attachment #1 --]
hi,

i found a small stupid issue with putenv() in our libc, as well as
OpenBSD's... basically if you do:

  putenv("=bleh");	/* incorrect usage */

it will not return a -1 error value, but instead return 0.  Attached is a
patch which does a couple of fixes:

  - assertion (not using assert()) checks on the arguments being passed to
setenv and putenv because both will core if any of the const char *'s are
NULL.
  - assertion checks on values being passed to setenv() from putenv().

I was kind of uncertain as to whether or not such assertion checks should
be done in the libc code, but I found some sanity checks in other
functions so I figured it was "OK." 

Anyway, the diff is attached, but can also be found at:
http://www.watson.org/~arr/fbsd-audit/lib/libc/stdlib/

Thoughts?

Andrew

*-------------.................................................
| Andrew R. Reiter 
| arr@fledge.watson.org
| "It requires a very unusual mind
|   to undertake the analysis of the obvious" -- A.N. Whitehead

[-- Attachment #2 --]
--- putenv.c.orig	Wed Apr 25 13:31:42 2001
+++ putenv.c	Wed Apr 25 14:14:26 2001
@@ -45,6 +45,8 @@
 	char *p, *equal;
 	int rval;
 
+	if (str == NULL)
+		return(-1);
 	if ((p = strdup(str)) == NULL)
 		return (-1);
 	if ((equal = index(p, '=')) == NULL) {
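Review bot: The new NULL check at the top of putenv() returns -1 without setting errno, so a caller cannot tell a rejected argument from the strdup() failure handled on the next lines; set errno = EINVAL before returning. Style nit: the added line is written `return(-1);` while the surrounding code uses `return (-1);`.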
@@ -52,6 +54,8 @@
 		return (-1);
 	}
 	*equal = '\0';
+	if (strlen(p) == 0 || strlen(equal + 1) == 0)
+		return(-1);
 	rval = setenv(p, equal + 1, 1);
 	(void)free(p);
 	return (rval);
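Review bot: The early return added after `*equal = '\0';` leaks p: it was allocated by strdup() above and is only released by `(void)free(p);` after the setenv() call, which this path skips. Free p before returning, or set rval = -1 and fall through to the existing free. Separately, `strlen(equal + 1) == 0` makes putenv("NAME=") fail, which goes beyond the "=bleh" case in the description; if setting an empty value should stay legal, drop that half of the condition and test only `*p == '\0'`.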
--- setenv.c.orig	Wed Apr 25 13:43:21 2001
+++ setenv.c	Wed Apr 25 13:46:27 2001
@@ -60,6 +60,9 @@
 	register char *c;
 	int l_value, offset;
 
+	if (name == NULL || value == NULL)
+ 		return(-1);
+
 	if (*value == '=')			/* no `=' in value */
 		++value;
 	l_value = strlen(value);
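Review bot: The guard added before `if (*value == '=')` only rejects NULL pointers, so a direct setenv("", ...) call is still accepted even though the putenv() side of this patch now rejects an empty name; consider also testing `*name == '\0'` here so both entry points agree. The added `return(-1);` line has a space before its leading tabs and lacks the space after `return` used in the putenv.c context lines.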

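The argument checks discussed in this message, written as a stand-alone wrapper with a single exit after the allocation so the name buffer is freed on every path. This is an added example, not code from the patch or from FreeBSD's libc; `checked_putenv()` and the `AUDIT_*` variable names are hypothetical, and accepting an empty value ("NAME=") is an assumption made here.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L	/* for setenv() */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wrapper: validate a "NAME=value" string, then call setenv(). */
int
checked_putenv(const char *str)
{
	const char *equal;
	char *name;
	size_t nlen;
	int rval;

	/* Reject NULL, a string with no '=', and an empty name ("=bleh"). */
	if (str == NULL || (equal = strchr(str, '=')) == NULL || equal == str) {
		errno = EINVAL;
		return (-1);
	}
	nlen = (size_t)(equal - str);
	if ((name = malloc(nlen + 1)) == NULL)
		return (-1);		/* malloc() has set errno */
	memcpy(name, str, nlen);
	name[nlen] = '\0';
	/* Assumption: an empty value is legal, so "NAME=" is passed through. */
	rval = setenv(name, equal + 1, 1);
	free(name);			/* only exit after malloc(): no leak */
	return (rval);
}

int
main(void)
{
	/* Constructed inputs, not taken from the original message. */
	const char *in[] = { "=bleh", "NOEQUALS", "AUDIT_DEMO=1", "AUDIT_EMPTY=" };
	size_t i;

	for (i = 0; i < sizeof(in) / sizeof(in[0]); i++)
		printf("%-14s -> %d\n", in[i], checked_putenv(in[i]));
	printf("%-14s -> %d\n", "NULL", checked_putenv(NULL));
	return (0);
}
```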