On 14/10/2020 21.14, Andrew Jones wrote:
> Without confirming that the name length exactly matches too, then
> the string comparison would return the same value for VAR* as for
> VAR, when VAR came first in the environ array.
>
> Signed-off-by: Andrew Jones <drjones@xxxxxxxxxx>
> ---
> lib/string.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/lib/string.c b/lib/string.c
> index 018dcc879516..3a0562120f12 100644
> --- a/lib/string.c
> +++ b/lib/string.c
> @@ -171,10 +171,13 @@ extern char **environ;
> char *getenv(const char *name)
> {
> char **envp = environ, *delim;
> + int len;
>
> while (*envp) {
> delim = strchr(*envp, '=');
> - if (delim && strncmp(name, *envp, delim - *envp) == 0)
> + assert(delim);
> + len = delim - *envp;
> + if (strlen(name) == len && strncmp(name, *envp, len) == 0)
> return delim + 1;
> ++envp;
> }
>
Reviewed-by: Thomas Huth <thuth@xxxxxxxxxx>
