Check for illegal character '=' in environment variable names.

Make sure the string passed as variable name does not contain a '=' character. This not only prevents the common error or typing "setenv foo=bar" instead of "setenv foo bar", but (more importantly) also closes a backdoor which allowed to delete write-protected environment variables, for example by using "setenv ethaddr=".
2006-10-28 01:14:32 +02:00 · 2006-10-28 01:14:32 +02:00 · 471a7be7a0
commit 471a7be7a0
parent 19973b6ad9
1 changed files with 5 additions and 0 deletions
--- a/common/cmd_nvedit.c
+++ b/common/cmd_nvedit.c
@ -167,6 +167,11 @@ int _do_setenv (int flag, int argc, char *argv[])

 	name = argv[1];

+	if (strchr(name, '=')) {
+		printf ("## Error: illegal character '=' in variable name \"%s\"\n", name);
+		return 1;
+	}
+
 	/*
 	 * search if variable with this name already exists
 	 */