From 8e932792c917d11545c2953b35159149f7411eca Mon Sep 17 00:00:00 2001
From: Alexander Monakov <amonakov@ispras.ru>
Date: Sun, 3 Sep 2017 22:12:20 +0300
Subject: overhaul environment functions

Rewrite environment access functions to slim down code, fix bugs and
avoid invoking undefined behavior.

* avoid using int-typed iterators where size_t would be correct;
* use strncmp instead of memcmp consistently;
* tighten prologues by invoking __strchrnul;
* handle NULL environ.

putenv:
* handle "=value" input via unsetenv too (will return -1/EINVAL);
* rewrite and simplify __putenv; fix the leak caused by failure to
  deallocate entry added by preceding setenv when called from putenv.

setenv:
* move management of libc-allocated entries to this translation unit,
  and use no-op weak symbols in putenv/unsetenv;

unsetenv:
* rewrite; this fixes UB caused by testing a free'd pointer against
  NULL on entry to subsequent loops.

Not changed:
Failure to extend allocation tracking array (previously __env_map, now
env_alloced) is ignored rather than causing to report -1/ENOMEM to the
caller; the worst-case consequence is leaking this allocation when it
is removed or replaced in a subsequent environment access.

Initially UB in unsetenv was reported by Alexander Cherepanov.
Using a weak alias to avoid pulling in malloc via unsetenv was
suggested by Rich Felker.
---
 src/env/unsetenv.c | 35 +++++++++++++++++------------------
 1 file changed, 17 insertions(+), 18 deletions(-)

(limited to 'src/env/unsetenv.c')

diff --git a/src/env/unsetenv.c b/src/env/unsetenv.c
index 35693354..8630e2d7 100644
--- a/src/env/unsetenv.c
+++ b/src/env/unsetenv.c
@@ -1,31 +1,30 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
+#include "libc.h"
 
-extern char **__environ;
-extern char **__env_map;
+char *__strchrnul(const char *, int);
+
+static void dummy(char *old, char *new) {}
+weak_alias(dummy, __env_rm_add);
 
 int unsetenv(const char *name)
 {
-	int i, j;
-	size_t l = strlen(name);
-
-	if (!*name || strchr(name, '=')) {
+	size_t l = __strchrnul(name, '=') - name;
+	if (!l || name[l]) {
 		errno = EINVAL;
 		return -1;
 	}
-again:
-	for (i=0; __environ[i] && (memcmp(name, __environ[i], l) || __environ[i][l] != '='); i++);
-	if (__environ[i]) {
-		if (__env_map) {
-			for (j=0; __env_map[j] && __env_map[j] != __environ[i]; j++);
-			free (__env_map[j]);
-			for (; __env_map[j]; j++)
-				__env_map[j] = __env_map[j+1];
-		}
-		for (; __environ[i]; i++)
-			__environ[i] = __environ[i+1];
-		goto again;
+	if (__environ) {
+		char **e = __environ, **eo = e;
+		for (; *e; e++)
+			if (!strncmp(name, *e, l) && l[*e] == '=')
+				__env_rm_add(*e, 0);
+			else if (eo != e)
+				*eo++ = *e;
+			else
+				eo++;
+		if (eo != e) *eo = 0;
 	}
 	return 0;
 }
-- 
cgit v1.2.1