mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-21 11:13:30 +00:00
Code Issues Releases Activity

In init_dynamic_kenv(), ignore environment strings exceeding the

Browse Source 
KENV_MNAMELEN + 1 + KENV_MVALLEN + 1 length limit to avoid buffer
overflow in getenv(). Currenly loader(8) doesn't limit the length of
environment strings.

PR:		kern/132104
MFC after:	1 month
This commit is contained in:
Jaakko Heinonen 2011-05-23 16:40:44 +00:00
parent 68e0d7e06a
commit f53edc909e
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=222216
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sys/kern/kern_environment.c
View File

@ -225,13 +225,19 @@ static void
init_dynamic_kenv(void *data __unused)
{
char *cp;
int len, i;
size_t len;
int i;
kenvp = malloc((KENV_SIZE + 1) * sizeof(char *), M_KENV,
M_WAITOK | M_ZERO);
i = 0;
for (cp = kern_envp; cp != NULL; cp = kernenv_next(cp)) {
len = strlen(cp) + 1;
if (len > KENV_MNAMELEN + 1 + KENV_MVALLEN + 1) {
printf("WARNING: too long kenv string, ignoring %s\n",
cp);
continue;
}
if (i < KENV_SIZE) {
kenvp[i] = malloc(len, M_KENV, M_WAITOK);
strcpy(kenvp[i++], cp);