Jamie Landeg Jones wrote:
>
> However, I'd still apply the patch in case some other way to exploit
> the non-checking of the unsetenv return status crops up elsewhere.
>
> It can't do any harm.

The problem with that is, on 6.x, unsetenv() returns 'void', so there's no return value to check on.

On 6.x (I've looked at 6.4-RELEASE-p7, it may be different in other versions), the unsetenv() uses __findenv() in a while loop to remove the given setting. The getenv() function also uses __findenv() to find the given environment setting. The issue described in the advisory simply doesn't exist in 6(.4-RELEASE-p7).

-- 
Pieter
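
As an added illustration (not code from this thread or from FreeBSD), a fail-closed scrub helper for a POSIX libc where unsetenv() returns int: it checks the return status and then confirms removal with getenv(), a check that also works where unsetenv() returns void. The names `scrub_var`, `demo_duplicates` and `DEMO_VAR` are hypothetical, and the environment array is constructed for the example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L  /* declares unsetenv() returning int */
#endif
#include <stdio.h>
#include <stdlib.h>

extern char **environ;

/* Remove `name` and confirm it is gone.
 * Returns 0 if removed, -1 if the caller must not continue. */
int scrub_var(const char *name)
{
    /* POSIX unsetenv() returns -1 on failure, e.g. a name containing '='. */
    if (unsetenv(name) != 0)
        return -1;
    /* Independent check that does not rely on a return value:
     * a lookup must now miss, including any duplicate entry. */
    if (getenv(name) != NULL)
        return -1;
    return 0;
}

/* Constructed environment holding the same name twice.
 * Returns 1 if both copies are removed and the unrelated entry survives. */
int demo_duplicates(void)
{
    static char a[] = "DEMO_VAR=first";
    static char b[] = "OTHER=x";
    static char c[] = "DEMO_VAR=second";
    static char *env[] = { a, b, c, NULL };
    char **saved = environ;

    environ = env;                       /* swap in the constructed environment */
    int rc = scrub_var("DEMO_VAR");
    int other_kept = getenv("OTHER") != NULL;
    environ = saved;                     /* restore the real environment */
    return rc == 0 && other_kept;
}

int main(void)
{
    printf("duplicates removed: %d\n", demo_duplicates());
    printf("malformed name rejected: %d\n", scrub_var("BAD=NAME") == -1);
    return 0;
}
```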