diff options
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/doas/doas.c | 43 |
1 files changed, 24 insertions, 19 deletions
diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c index 70456d725b2..e286bbb0e82 100644 --- a/usr.bin/doas/doas.c +++ b/usr.bin/doas/doas.c @@ -1,4 +1,4 @@ -/* $OpenBSD: doas.c,v 1.29 2015/07/28 14:08:52 zhuk Exp $ */ +/* $OpenBSD: doas.c,v 1.30 2015/07/28 19:49:04 zhuk Exp $ */ /* * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org> * @@ -182,6 +182,10 @@ parseconfig(const char *filename, int checkperms) exit(1); } +/* + * Copy to envp environment variables from oldenvp which names are + * in safeset. + */ static int copyenvhelper(const char **oldenvp, const char **safeset, int nsafe, char **envp, int ei) @@ -222,44 +226,45 @@ copyenv(const char **oldenvp, struct rule *rule) int nsafe, nbad; int nextras = 0; + /* if there was no envvar whitelist, pass all except badset ones */ nbad = arraylen(badset); if ((rule->options & KEEPENV) && !rule->envlist) { - size_t i, ii; + size_t iold, inew; size_t oldlen = arraylen(oldenvp); envp = reallocarray(NULL, oldlen + 1, sizeof(char *)); if (!envp) err(1, "reallocarray"); - for (ii = i = 0; i < oldlen; i++) { - size_t j; - for (j = 0; j < nbad; j++) { - size_t len = strlen(badset[j]); - if (strncmp(oldenvp[i], badset[j], len) == 0 && - oldenvp[i][len] == '=') { + for (inew = iold = 0; iold < oldlen; iold++) { + size_t ibad; + for (ibad = 0; ibad < nbad; ibad++) { + size_t len = strlen(badset[ibad]); + if (strncmp(oldenvp[iold], badset[ibad], len) == 0 && + oldenvp[iold][len] == '=') { break; } } - if (j == nbad) { - if (!(envp[ii] = strdup(oldenvp[i]))) + if (ibad == nbad) { + if (!(envp[inew] = strdup(oldenvp[iold]))) err(1, "strdup"); - ii++; + inew++; } } - envp[ii] = NULL; + envp[inew] = NULL; return envp; } nsafe = arraylen(safeset); if ((extra = rule->envlist)) { - size_t i; + size_t isafe; nextras = arraylen(extra); - for (i = 0; i < nsafe; i++) { - size_t j; - for (j = 0; j < nextras; j++) { - if (strcmp(extra[j], safeset[i]) == 0) { + for (isafe = 0; isafe < nsafe; isafe++) { + size_t iextras; + for (iextras = 0; iextras < nextras; iextras++) { + if (strcmp(extra[iextras], safeset[isafe]) == 0) { nextras--; - extra[j] = extra[nextras]; + extra[iextras] = extra[nextras]; extra[nextras] = NULL; - j--; + iextras--; } } } |