diff options
| author | Darren Tucker <dtucker@dtucker.net> | 2023-03-30 13:53:29 +1100 |
|---|---|---|
| committer | Darren Tucker <dtucker@dtucker.net> | 2023-03-30 14:08:35 +1100 |
| commit | 05b8e88ebe23db690abbfb1a91111abea09cde08 (patch) | |
| tree | 55e85ded467c50e4558bf3efa56d9ec8cff84be1 | |
| parent | 28f1b8ef9b84b8cd2f6c9889a0c60aa4a90dadfa (diff) | |
| download | openssh-git-05b8e88ebe23db690abbfb1a91111abea09cde08.tar.gz | |
child_set_eng: verify both env pointer and count.
If child_set env was called with a NULL env pointer and a non-zero count
it would end up in a null deref, although we don't currently do this.
Prompted by Coverity CID 291850, tweak & ok djm@
| -rw-r--r-- | misc.c | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -2273,6 +2273,8 @@ child_set_env(char ***envp, u_int *envsizep, const char *name, * If we're passed an uninitialized list, allocate a single null * entry before continuing. */ + if ((*envp == NULL) != (*envsizep == 0)) + fatal_f("environment size mismatch"); if (*envp == NULL && *envsizep == 0) { *envp = xmalloc(sizeof(char *)); *envp[0] = NULL; |