From 7fd658f2c3410da8e3bc230ed0a8cb1d8dc863ef Mon Sep 17 00:00:00 2001 From: millert Date: Mon, 8 Aug 2022 22:40:03 +0000 Subject: [PATCH] For putenv(3), return an error if string starts with a '=' character. Both FreeBSD and NetBSD have this behavior. OK deraadt@ --- lib/libc/stdlib/getenv.3 | 8 ++++++-- lib/libc/stdlib/setenv.c | 7 ++++--- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/lib/libc/stdlib/getenv.3 b/lib/libc/stdlib/getenv.3 index 1654d4257cd..5a219a5c037 100644 --- a/lib/libc/stdlib/getenv.3 +++ b/lib/libc/stdlib/getenv.3 @@ -29,9 +29,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: getenv.3,v 1.22 2022/07/25 02:25:55 jsg Exp $ +.\" $OpenBSD: getenv.3,v 1.23 2022/08/08 22:40:03 millert Exp $ .\" -.Dd $Mdocdate: July 25 2022 $ +.Dd $Mdocdate: August 8 2022 $ .Dt GETENV 3 .Os .Sh NAME @@ -133,6 +133,10 @@ function was passed a .Ar string that did not contain an .Sq = +character, or was passed a +.Ar string +that started with the +.Sq = character. .It Bq Er ENOMEM The diff --git a/lib/libc/stdlib/setenv.c b/lib/libc/stdlib/setenv.c index 15c550ba30b..fc8e5b677f9 100644 --- a/lib/libc/stdlib/setenv.c +++ b/lib/libc/stdlib/setenv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: setenv.c,v 1.19 2016/09/21 04:38:56 guenther Exp $ */ +/* $OpenBSD: setenv.c,v 1.20 2022/08/08 22:40:03 millert Exp $ */ /* * Copyright (c) 1987 Regents of the University of California. * All rights reserved. @@ -48,9 +48,10 @@ putenv(char *str) for (cp = str; *cp && *cp != '='; ++cp) ; - if (*cp != '=') { + if (cp == str || *cp != '=') { + /* '=' is the first character of string or is missing. */ errno = EINVAL; - return (-1); /* missing `=' in string */ + return (-1); } if (__findenv(str, (int)(cp - str), &offset) != NULL) { -- 2.20.1