diff options
| author | Wolfgang Denk <wd@denx.de> | 2006-10-28 01:14:32 +0200 |
|---|---|---|
| committer | Wolfgang Denk <wd@denx.de> | 2006-10-28 01:14:32 +0200 |
| commit | 471a7be7a042e95e440f5de969c9765214ae8d6e (patch) | |
| tree | 328c7850f1499ddb2758b7407c1096a8ec62899b | |
| parent | 19973b6ad9863a56f5c5fbcfd90e20ab2490a2c2 (diff) | |
Check for illegal character '=' in environment variable names.
Make sure the string passed as variable name does not contain a '='
character. This not only prevents the common error or typing
"setenv foo=bar" instead of "setenv foo bar", but (more importantly)
also closes a backdoor which allowed to delete write-protected
environment variables, for example by using "setenv ethaddr=".
| -rw-r--r-- | common/cmd_nvedit.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/common/cmd_nvedit.c b/common/cmd_nvedit.c index 6257fbd23e..d3f50f87f3 100644 --- a/common/cmd_nvedit.c +++ b/common/cmd_nvedit.c @@ -167,6 +167,11 @@ int _do_setenv (int flag, int argc, char *argv[]) name = argv[1]; + if (strchr(name, '=')) { + printf ("## Error: illegal character '=' in variable name \"%s\"\n", name); + return 1; + } + /* * search if variable with this name already exists */ |