From 10930fbb1c0f4d25c8002267c5bcbc85615c45f3 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Mon, 26 Jun 2023 16:14:27 +0200
Subject: [PATCH] env-util: add explicit size check before strndupa() in strv_env_get_n()

Let's better be safe than sorry.
---
 src/basic/env-util.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/basic/env-util.c b/src/basic/env-util.c
index 128102c688a..8cc7b72511e 100644
--- a/src/basic/env-util.c
+++ b/src/basic/env-util.c
@@ -514,6 +514,10 @@ char *strv_env_get_n(char **l, const char *name, size_t k, unsigned flags) {
 if (flags & REPLACE_ENV_USE_ENVIRONMENT) {
 const char *t;
 
+ /* Safety check that the name is not overly long, before we do a stack allocation */
+ if (k > (size_t) sysconf(_SC_ARG_MAX) - 2)
+ return NULL;
+
 t = strndupa_safe(name, k);
 return getenv(t);
 };
-- 
2.47.3
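Review bot: The new guard `if (k > (size_t) sysconf(_SC_ARG_MAX) - 2)` does not handle sysconf() failing: a return of -1 is cast to SIZE_MAX, so the bound becomes SIZE_MAX - 2 and every k passes, leaving the stack allocation in strndupa_safe() unbounded by this check. Reading the limit into a signed variable first closes that gap, e.g. `long m = sysconf(_SC_ARG_MAX);` followed by `if (m < 2 || k > (size_t) m - 2) return NULL;`. Even on success the limit can be large relative to a thread's stack (on Linux ARG_MAX may be derived from the stack rlimit), so a fixed, smaller cap may be the safer bound if names can come from untrusted input; that depends on callers not visible here. It would also help to extend the comment to say that an over-long name is reported as NULL, the same as an unset variable. strv_env_get_n() begins and ends outside this hunk.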