From c8bfe9cad177f47218999f16bea5cdbe7e3fa7d2 Mon Sep 17 00:00:00 2001
From: "Andrew J. Schorr" <aschorr@telemetry-investments.com>
Date: Thu, 26 Jan 2017 20:35:08 -0500
Subject: Protect against string overrun when calling unsetenv.

---
 str_array.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'str_array.c')

diff --git a/str_array.c b/str_array.c
index d832380d..c559a39a 100644
--- a/str_array.c
+++ b/str_array.c
@@ -773,9 +773,14 @@ static NODE **
 env_remove(NODE *symbol, NODE *subs)
 {
 	NODE **val = str_remove(symbol, subs);
+	char save;
 
-	if (val != NULL)
+	if (val != NULL) {
+		save = subs->stptr[subs->stlen];
+		subs->stptr[subs->stlen] = '\0';
 		(void) unsetenv(subs->stptr);
+		subs->stptr[subs->stlen] = save;
+	}
 
 	return val;
 }
-- 
cgit v1.2.3


From a7addf98875555f48f30e7a9260f39a36a7b3e75 Mon Sep 17 00:00:00 2001
From: "Andrew J. Schorr" <aschorr@telemetry-investments.com>
Date: Fri, 27 Jan 2017 13:25:02 -0500
Subject: Introduce some helpful macros for terminating strings, and fix
 overrun in dcgettext.

---
 str_array.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'str_array.c')

diff --git a/str_array.c b/str_array.c
index c559a39a..fe07ce4b 100644
--- a/str_array.c
+++ b/str_array.c
@@ -776,10 +776,9 @@ env_remove(NODE *symbol, NODE *subs)
 	char save;
 
 	if (val != NULL) {
-		save = subs->stptr[subs->stlen];
-		subs->stptr[subs->stlen] = '\0';
+		str_terminate(subs, save);
 		(void) unsetenv(subs->stptr);
-		subs->stptr[subs->stlen] = save;
+		str_restore(subs, save);
 	}
 
 	return val;
-- 
cgit v1.2.3