svn commit: r241137 - head/lib/libc/stdlib

Simon L. B. Nielsen simon at FreeBSD.org
Sun Oct 7 13:27:08 UTC 2012


On 2 Oct 2012, at 18:44, Andrey A. Chernov <ache at FreeBSD.org> wrote:

> Author: ache
> Date: Tue Oct  2 17:44:08 2012
> New Revision: 241137
> URL: http://svn.freebsd.org/changeset/base/241137
> 
> Log:
>  Using putenv() and later direct pointer contents modification it is possible
>  to craft environment variables with similar names like that:
>  a=1
>  a=2
>  ...
>  unsetenv("a") should remove them all to make later getenv("a") impossible.
>  Fix it to do so (this is GNU autoconf test #3 failure too).
> 
>  PR:             172273
>  MFC after:      1 week
> 
> Modified:
>  head/lib/libc/stdlib/getenv.c

Reviewed by ?

This needs to be reviewed by someone with clue about the pitfalls of environment manipulation before any MFC.

PS. env functions are mentioned in MAINTAINERS.

-- 
Simon L. B. Nielsen
FreeBSD Security Officer
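
As an added example (not part of the original message and not code from the FreeBSD commit), here is a small C regression check for the case the log message describes: two entries are registered with putenv(), one name is rewritten in place so both share a name, and unsetenv() must then leave no match behind. The variable names `dupvar_x` and `dupvar_y` and the helper functions are constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* Count environ entries whose name is exactly `name` (illustrative helper). */
static int count_env(const char *name)
{
    size_t n = strlen(name);
    int hits = 0;
    for (char **e = environ; e != NULL && *e != NULL; e++)
        if (strncmp(*e, name, n) == 0 && (*e)[n] == '=')
            hits++;
    return hits;
}

/* putenv() stores the caller's pointer, so these buffers live in environ. */
static char first[]  = "dupvar_x=1";   /* constructed sample values */
static char second[] = "dupvar_y=2";

/* Build the duplicate-name state from the log message; returns the count. */
int make_duplicates(void)
{
    second[7] = 'y';               /* restore the name so the call is repeatable */
    unsetenv("dupvar_x");
    unsetenv("dupvar_y");
    if (putenv(first) != 0 || putenv(second) != 0)
        return -1;
    second[7] = 'x';               /* in-place rename: two "dupvar_x" entries */
    return count_env("dupvar_x");
}

/* Entries still visible after unsetenv(); 0 is the behaviour the fix targets. */
int leftovers_after_unsetenv(void)
{
    int left;
    if (make_duplicates() != 2 || unsetenv("dupvar_x") != 0)
        return -1;
    left = count_env("dupvar_x");
    if (left == 0 && getenv("dupvar_x") != NULL)
        left = 1;                  /* libc lookup disagrees with the environ scan */
    return left;
}

int main(void)
{
    return leftovers_after_unsetenv() == 0 ? 0 : 1;
}
```

A non-zero result means a later getenv() can still return a value the caller believed was removed, which matters for code that scrubs variables before executing a child process.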


