Check for illegal character '=' in environment variable names.

Make sure the string passed as variable name does not contain a '=' character. This not only prevents the common error or typing "setenv foo=bar" instead of "setenv foo bar", but (more importantly) also closes a backdoor which allowed to delete write-protected environment variables, for example by using "setenv ethaddr=".

Check for illegal character '=' in environment variable names.
Make sure the string passed as variable name does not contain a '=' character. This not only prevents the common error or typing "setenv foo=bar" instead of "setenv foo bar", but (more importantly) also closes a backdoor which allowed to delete write-protected environment variables, for example by using "setenv ethaddr=".
471a7be7 · Wolfgang Denk · 19973b6a · 471a7be7
隐藏空白更改
内联并排

Showing with 5 addition and 0 deletion

common/cmd_nvedit.c common/cmd_nvedit.c +5 -0

未找到文件。
--- a/common/cmd_nvedit.c
+++ b/common/cmd_nvedit.c
@@ -167,6 +167,11 @@ int _do_setenv (int flag, int argc, char *argv[])

 	name = argv[1];

+	if (strchr(name, '=')) {
+		printf ("## Error: illegal character '=' in variable name \"%s\"\n", name);
+		return 1;
+	}
+
 	/*
 	 * search if variable with this name already exists
 	 */