Date: Sat, 19 Dec 2020 02:23:53 +0000 (UTC)
From: "Pedro F. Giffuni" <pfg@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r368776 - head/usr.bin/login
Message-ID: <202012190223.0BJ2NrOI029385@repo.freebsd.org>
Author: pfg Date: Sat Dec 19 02:23:53 2020 New Revision: 368776 URL: https://svnweb.freebsd.org/changeset/base/368776 Log: login(1): when exporting variables check the result of setenv(3) When exporting a variable we correctly check all the preconditions that could make setenv(3) fail. Checking the setenv(3) return value seems redundant, but given that login(1) is critical, it doesn't hurt to have a post-check. This change is based on the "Principles of Secure Coding" course by Matthew Bishop, PhD., which specifically discusses this code in FreeBSD. Differential Revision: https://reviews.freebsd.org/D26966 Modified: head/usr.bin/login/login.c Modified: head/usr.bin/login/login.c ============================================================================== --- head/usr.bin/login/login.c Sat Dec 19 01:46:47 2020 (r368775) +++ head/usr.bin/login/login.c Sat Dec 19 02:23:53 2020 (r368776) @@ -793,6 +793,7 @@ export(const char *s) char *p; const char **pp; size_t n; + int rv; if (strlen(s) > 1024 || (p = strchr(s, '=')) == NULL) return (0); @@ -804,8 +805,10 @@ export(const char *s) return (0); } *p = '\0'; - (void)setenv(s, p + 1, 1); + rv = setenv(s, p + 1, 1); *p = '='; + if (rv == 1) + return (0); return (1); }
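Review bot: In the second hunk (@@ -804,8 +805,10 @@), the new post-check `if (rv == 1)` can never be true, because setenv(3) returns 0 on success and -1 on failure, so a failed export still falls through to `return (1)` and is reported as success. Compare against -1 (or test `rv != 0`) so that export() actually returns 0 when the variable was not set. Restoring `*p = '=';` before the check is the right order, since the early return then leaves the caller's string intact.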