From 05b8e88ebe23db690abbfb1a91111abea09cde08 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 30 Mar 2023 13:53:29 +1100 Subject: [PATCH] child_set_eng: verify both env pointer and count. If child_set env was called with a NULL env pointer and a non-zero count it would end up in a null deref, although we don't currently do this. Prompted by Coverity CID 291850, tweak & ok djm@ --- misc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/misc.c b/misc.c index 6135b1556..63c3d4d29 100644 --- a/misc.c +++ b/misc.c @@ -2273,6 +2273,8 @@ child_set_env(char ***envp, u_int *envsizep, const char *name, * If we're passed an uninitialized list, allocate a single null * entry before continuing. */ + if ((*envp == NULL) != (*envsizep == 0)) + fatal_f("environment size mismatch"); if (*envp == NULL && *envsizep == 0) { *envp = xmalloc(sizeof(char *)); *envp[0] = NULL;