login(1): when exporting variables check the result of setenv(3)

When exporting a variable we correctly check all the preconditions that could make setenv(3) fail. Checking the setenv(3) return value seems redundant, but given that login(1) is critical, it doesn't hurt to have a post-check. This change is based on the "Principles of Secure Coding" course by Matthew Bishop, PhD., which specifically discusses this code in FreeBSD. (This change redoes r368776 due to a silly mistake)
2020-12-19 03:07:38 +00:00 · 2020-12-19 03:07:38 +00:00 · dcc6f62526
parent a0bed90198
commit dcc6f62526
1 changed files with 4 additions and 1 deletions
--- a/usr.bin/login/login.c
+++ b/usr.bin/login/login.c
@ -793,6 +793,7 @@ export(const char *s)
 	char *p;
 	const char **pp;
 	size_t n;
+	int rv;

 	if (strlen(s) > 1024 || (p = strchr(s, '=')) == NULL)
 		return (0);
@ -804,8 +805,10 @@ export(const char *s)
 			return (0);
 	}
 	*p = '\0';
-	(void)setenv(s, p + 1, 1);
+	rv = setenv(s, p + 1, 1);
 	*p = '=';
+	if (rv == -1)
+		return (0);
 	return (1);
 }