From: Lennart Poettering Date: Mon, 26 Jun 2023 14:14:27 +0000 (+0200) Subject: env-util: add explicit size check before strndupa() in strv_env_get_n() X-Git-Tag: v254-rc1~86^2~3 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=10930fbb1c0f4d25c8002267c5bcbc85615c45f3;p=thirdparty%2Fsystemd.git env-util: add explicit size check before strndupa() in strv_env_get_n() Let's better be safe than sorry. --- diff --git a/src/basic/env-util.c b/src/basic/env-util.c index 128102c688a..8cc7b72511e 100644 --- a/src/basic/env-util.c +++ b/src/basic/env-util.c @@ -514,6 +514,10 @@ char *strv_env_get_n(char **l, const char *name, size_t k, unsigned flags) { if (flags & REPLACE_ENV_USE_ENVIRONMENT) { const char *t; + /* Safety check that the name is not overly long, before we do a stack allocation */ + if (k > (size_t) sysconf(_SC_ARG_MAX) - 2) + return NULL; + t = strndupa_safe(name, k); return getenv(t); };