From 15fc9eabc696b6bc427d8dcef4c39c82d0b14a2e Mon Sep 17 00:00:00 2001 From: Kevin Day Date: Sat, 9 Jul 2022 11:14:12 -0500 Subject: [PATCH] Security: Environment value has invalid read. The string may not be allocated. Check that the string.used is not 0 but if it is then pass an empty string. --- level_0/f_environment/c/environment.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/level_0/f_environment/c/environment.c b/level_0/f_environment/c/environment.c index 48346d6..9f77e75 100644 --- a/level_0/f_environment/c/environment.c +++ b/level_0/f_environment/c/environment.c @@ -117,7 +117,7 @@ extern "C" { return F_data_not; } - if (setenv(name.string, value.string, replace) < 0) { + if (setenv(name.string, value.used ? value.string : "", replace) < 0) { if (errno == EINVAL) return F_status_set_error(F_parameter); if (errno == ENOMEM) return F_status_set_error(F_memory_not); -- 1.8.3.1