For putenv(3), return an error if string starts with a '=' character.

Both FreeBSD and NetBSD have this behavior.  OK deraadt@

2 files changed, 10 insertions, 5 deletions

diff --git a/lib/libc/stdlib/getenv.3 b/lib/libc/stdlib/getenv.3
index 1654d4257cd..5a219a5c037 100644
--- a/lib/libc/stdlib/getenv.3
+++ b/lib/libc/stdlib/getenv.3
@@ -29,9 +29,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"	$OpenBSD: getenv.3,v 1.22 2022/07/25 02:25:55 jsg Exp $
+.\"	$OpenBSD: getenv.3,v 1.23 2022/08/08 22:40:03 millert Exp $
 .\"
-.Dd $Mdocdate: July 25 2022 $
+.Dd $Mdocdate: August 8 2022 $
 .Dt GETENV 3
 .Os
 .Sh NAME
@@ -133,6 +133,10 @@ function was passed a
 .Ar string
 that did not contain an
 .Sq =
+character, or was passed a
+.Ar string
+that started with the
+.Sq =
 character.
 .It Bq Er ENOMEM
 The
diff --git a/lib/libc/stdlib/setenv.c b/lib/libc/stdlib/setenv.c
index 15c550ba30b..fc8e5b677f9 100644
--- a/lib/libc/stdlib/setenv.c
+++ b/lib/libc/stdlib/setenv.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: setenv.c,v 1.19 2016/09/21 04:38:56 guenther Exp $ */
+/*	$OpenBSD: setenv.c,v 1.20 2022/08/08 22:40:03 millert Exp $ */
 /*
  * Copyright (c) 1987 Regents of the University of California.
  * All rights reserved.
@@ -48,9 +48,10 @@ putenv(char *str)
 
 	for (cp = str; *cp && *cp != '='; ++cp)
 		;
-	if (*cp != '=') {
+	if (cp == str || *cp != '=') {
+		/* '=' is the first character of string or is missing. */
 		errno = EINVAL;
-		return (-1);			/* missing `=' in string */
+		return (-1);
 	}
 
 	if (__findenv(str, (int)(cp - str), &offset) != NULL) {