44 lines
1.2 KiB
Diff
44 lines
1.2 KiB
Diff
From 224d78993a24d1cc31ae0f6a0d0a59c66b765387 Mon Sep 17 00:00:00 2001
|
|
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
|
|
Date: Sat, 9 Jul 2022 09:00:48 -0600
|
|
Subject: [PATCH] sudo_putenv_nodebug: require that the environment string
|
|
include a '='
|
|
|
|
---
|
|
plugins/sudoers/env.c | 10 ++++++++--
|
|
1 file changed, 8 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/plugins/sudoers/env.c b/plugins/sudoers/env.c
|
|
index 99b674300..eaf90f4a0 100644
|
|
--- a/plugins/sudoers/env.c
|
|
+++ b/plugins/sudoers/env.c
|
|
@@ -314,9 +314,15 @@ int
|
|
sudo_putenv_nodebug(char *str, bool dupcheck, bool overwrite)
|
|
{
|
|
char **ep;
|
|
- size_t len;
|
|
+ const char *equal;
|
|
bool found = false;
|
|
|
|
+ equal = strchr(str, '=');
|
|
+ if (equal == NULL) {
|
|
+ errno = EINVAL;
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
/* Make sure there is room for the new entry plus a NULL. */
|
|
if (env.env_size > 2 && env.env_len > env.env_size - 2) {
|
|
char **nenvp;
|
|
@@ -358,7 +364,7 @@ sudo_putenv_nodebug(char *str, bool dupcheck, bool overwrite)
|
|
#endif
|
|
|
|
if (dupcheck) {
|
|
- len = (strchr(str, '=') - str) + 1;
|
|
+ size_t len = (size_t)(equal - str) + 1;
|
|
for (ep = env.envp; *ep != NULL; ep++) {
|
|
if (strncmp(str, *ep, len) == 0) {
|
|
if (overwrite)
|
|
--
|
|
2.33.0
|
|
|