In init_dynamic_kenv(), ignore environment strings exceeding the
KENV_MNAMELEN + 1 + KENV_MVALLEN + 1 length limit to avoid buffer overflow in getenv(). Currenly loader(8) doesn't limit the length of environment strings. PR: kern/132104 MFC after: 1 month
This commit is contained in:
parent
68e0d7e06a
commit
f53edc909e
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=222216
@ -225,13 +225,19 @@ static void
|
|||||||
init_dynamic_kenv(void *data __unused)
|
init_dynamic_kenv(void *data __unused)
|
||||||
{
|
{
|
||||||
char *cp;
|
char *cp;
|
||||||
int len, i;
|
size_t len;
|
||||||
|
int i;
|
||||||
|
|
||||||
kenvp = malloc((KENV_SIZE + 1) * sizeof(char *), M_KENV,
|
kenvp = malloc((KENV_SIZE + 1) * sizeof(char *), M_KENV,
|
||||||
M_WAITOK | M_ZERO);
|
M_WAITOK | M_ZERO);
|
||||||
i = 0;
|
i = 0;
|
||||||
for (cp = kern_envp; cp != NULL; cp = kernenv_next(cp)) {
|
for (cp = kern_envp; cp != NULL; cp = kernenv_next(cp)) {
|
||||||
len = strlen(cp) + 1;
|
len = strlen(cp) + 1;
|
||||||
|
if (len > KENV_MNAMELEN + 1 + KENV_MVALLEN + 1) {
|
||||||
|
printf("WARNING: too long kenv string, ignoring %s\n",
|
||||||
|
cp);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
if (i < KENV_SIZE) {
|
if (i < KENV_SIZE) {
|
||||||
kenvp[i] = malloc(len, M_KENV, M_WAITOK);
|
kenvp[i] = malloc(len, M_KENV, M_WAITOK);
|
||||||
strcpy(kenvp[i++], cp);
|
strcpy(kenvp[i++], cp);
|
||||||
|
Loading…
Reference in New Issue
Block a user