libc: Purge unneeded cdefs.h

These sys/cdefs.h are not needed. Purge them. They are mostly left-over
from the $FreeBSD$ removal. A few in libc are still required for macros
that cdefs.h defines. Kee

libc: Purge unneeded cdefs.h

These sys/cdefs.h are not needed. Purge them. They are mostly left-over
from the $FreeBSD$ removal. A few in libc are still required for macros
that cdefs.h defines. Keep those.

Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D42385

(cherry picked from commit 559a218c9b257775fb249b67945fe4a05b7a6b9f)

show more ...

Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.

Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix

show more ...

secure_getenv: Add () around return values

Style only change, no functional change intended.

Sponsored by: Netflix

Add GNU glibc compatible secure_getenv

Add mostly glibc and msl compatible secure_getenv. Return NULL if
issetugid() indicates the process is tainted, otherwise getenv(x). The
rational behind this

Add GNU glibc compatible secure_getenv

Add mostly glibc and msl compatible secure_getenv. Return NULL if
issetugid() indicates the process is tainted, otherwise getenv(x). The
rational behind this is the fact that many Linux applications use this
function instead of getenv() as it's widely consider a, "best
practice".

Reviewed by: imp, mjg (feedback)
Pull Request: https://github.com/freebsd/freebsd-src/pull/686
Signed-off-by: Lucy Marsh <[email protected]>

show more ...

libc: move declaration of 'char **environ' to common private header

Suggested by: imp
Reviewed by: markj
Tested by: markj (aarch64)
Sponsored by: The FreeBSD Foundation
MFC after: 3 weeks
Differenti

libc: move declaration of 'char **environ' to common private header

Suggested by: imp
Reviewed by: markj
Tested by: markj (aarch64)
Sponsored by: The FreeBSD Foundation
MFC after: 3 weeks
Differential revision: https://reviews.freebsd.org/D37220

show more ...

getenv(3): Fix two typos in source code comments

- s/peform/perform/

MFC after: 3 days

libc: add clearenv function

The clearenv(3) function allows us to clear all environment
variable in one shot. This may be useful for security programs that
want to control the environment or what va

libc: add clearenv function

The clearenv(3) function allows us to clear all environment
variable in one shot. This may be useful for security programs that
want to control the environment or what variables are passed to new
spawned programs.

Reviewed by: scf, markj (secteam), 0mp (manpages)
Differential Revision: https://reviews.freebsd.org/D28223

show more ...

libc: further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using mis-identified many licenses so this was mostly a manual - error
p

libc: further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using mis-identified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

show more ...

Minor libc cleanup: let calloc(3) do the multiplication.

MFC after: 3 days

libc: provide some bounds-checking through reallocarray(3).

reallocarray(3) is a non portable extension that originated in OpenBSD.
Given that it is already in FreeBSD's libc it is useful for the ca

libc: provide some bounds-checking through reallocarray(3).

reallocarray(3) is a non portable extension that originated in OpenBSD.
Given that it is already in FreeBSD's libc it is useful for the cases
where reallocation involves a multiplication.

MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D9955

show more ...

[fix to r253380] __setenv: be explicit about placing '=' after name

This should a regression introduced in r253380 if malloc'ed memory
happens to have '=' at the right place.

Reported by: ache
Poin

[fix to r253380] __setenv: be explicit about placing '=' after name

This should a regression introduced in r253380 if malloc'ed memory
happens to have '=' at the right place.

Reported by: ache
Pointyhat to: me (avg)
MFC after: 1 day
X-MFC with: r253380

show more ...

libc: name passed into __setenv is not necessarily NUL-terminated

That's particularly true when __setenv is called from __merge_environ.

MFC after: 4 days

Optimize prev. commit for speed.
1) Don't iterate the loop from the environment array beginning each time,
iterate it under the last place we deactivate instead.
2) Call __rebuild_environ() not on ea

Optimize prev. commit for speed.
1) Don't iterate the loop from the environment array beginning each time,
iterate it under the last place we deactivate instead.
2) Call __rebuild_environ() not on each iteration but once, only at the end
of whole loop (of course, only in case if something is changed).

MFC after: 1 week

show more ...

Using putenv() and later direct pointer contents modification it is possibe
to craft environment variables with similar names like that:
a=1
a=2
...
unsetenv("a") should remove them all to make later

Using putenv() and later direct pointer contents modification it is possibe
to craft environment variables with similar names like that:
a=1
a=2
...
unsetenv("a") should remove them all to make later getenv("a") impossible.
Fix it to do so (this is GNU autoconf test #3 failure too).

PR: 172273
MFC after: 1 week

show more ...

Revert behavior change to setenv(), unsetenv() and putenv() until a more
thorough security review has been completed.

Change the behavior of setenv(), putenv() and unsetenv() to continue parsing
instead of returning an error if a corrupt (not a "name=value" string) entry
in the environ array is detected when (re)-bu

Change the behavior of setenv(), putenv() and unsetenv() to continue parsing
instead of returning an error if a corrupt (not a "name=value" string) entry
in the environ array is detected when (re)-building the internal
environment. This should prevent applications or libraries from
experiencing issues arising from the expectation that these calls will
complete even with corrupt entries. The behavior is now as it was prior to
7.0.

Reviewed by: jilles
MFC after: 1 week

show more ...

Improve the comment within getenv() explaining the search order it takes to
find a variable. Include a note that it must not cause the internal
environment to be generated since malloc() depends upo

Improve the comment within getenv() explaining the search order it takes to
find a variable. Include a note that it must not cause the internal
environment to be generated since malloc() depends upon getenv(). To call
malloc() would create a circular dependency.

Recommended by: green
Approved by: jilles
MFC after: 1 week

show more ...

Temporarily revert the previous change because the linker has been
modified so that it will abort when the environment is bad.

Do not gratuitously fail *env(3) operations due to corrupt ('='-less)
**environ entries. This puts non-getenv(3) operations in line with
getenv(3) in that bad environ entries do not cause all operat

Do not gratuitously fail *env(3) operations due to corrupt ('='-less)
**environ entries. This puts non-getenv(3) operations in line with
getenv(3) in that bad environ entries do not cause all operations to
fail. There is still some inconsistency in that getenv(3) in the
absence of any environment-modifying operation does not emit corrupt
environ entry warnings.

I also fixed another inconsistency in getenv(3) where updating the
global environ pointer would not be reflected in the return values.
It would have taken an intermediary setenv(3)/putenv(3)/unsetenv(3)
in order to see the change.

show more ...

Restructure and use different variables in the tests that involve
environ[0] to be more obvious that environ is not NULL before environ[0]
is tested. Although I believe the previous code worked, thi

Restructure and use different variables in the tests that involve
environ[0] to be more obvious that environ is not NULL before environ[0]
is tested. Although I believe the previous code worked, this change
improves code maintainability.

Reviewed by: ache
MFC after: 3 days

show more ...

Detect if the application has cleared the environ variable by setting
the first value (environ[0]) to NULL. This is in addition to the
current detection of environ being replaced, which includes bei

Detect if the application has cleared the environ variable by setting
the first value (environ[0]) to NULL. This is in addition to the
current detection of environ being replaced, which includes being set to
NULL. Without this fix, the environment is not truly wiped, but appears
to be by getenv() until an *env() call is made to alter the enviroment.

This change is necessary to support those applications that use this
method for clearing environ such as Dovecot and Postfix. Applications
such as Sendmail and the base system's env replace environ (already
detected). While neither of these methods are defined by SUSv3, it is
best to support them due to historic reasons and in lieu of a clean,
defined method.

Add extra units tests for clearing environ using four different methods:
1. Set environ to NULL pointer.
2. Set environ[0] to NULL pointer.
3. Set environ to calloc()'d NULL-terminated array.
4. Set environ to static NULL-terminated array.

Noticed by: Timo Sirainen

MFC after: 3 days

show more ...

Replace the use of warnx() with direct output to stderr using _write().
This reduces the size of a statically-linked binary by approximately 100KB
in a trivial "return (0)" test application. readelf

Replace the use of warnx() with direct output to stderr using _write().
This reduces the size of a statically-linked binary by approximately 100KB
in a trivial "return (0)" test application. readelf -S was used to verify
that the .text section was reduced and that using strlen() saved a few
more bytes over using sizeof(). Since the section of code is only called
when environ is corrupt (program bug), I went with fewer bytes over fewer
cycles.

I made minor edits to the submitted patch to make the output resemble
warnx().

Submitted by: kib bz
Approved by: wes (mentor)
MFC after: 5 days

show more ...

The precision for a string argument in a call to warnx() needs to be cast
to an int to remove the warning from using a size_t variable on 64-bit
platforms.

Submitted by: Xin LI <[email protected]>

The precision for a string argument in a call to warnx() needs to be cast
to an int to remove the warning from using a size_t variable on 64-bit
platforms.

Submitted by: Xin LI <[email protected]>
Approved by: wes
Approved by: re (kensmith)

show more ...

Skip rebuilding environ in setenv() only upon reuse of an active variable;
inactive variables should cause a rebuild of environ, otherwise, exec()'d
processes will be missing a variable in environ th

Skip rebuilding environ in setenv() only upon reuse of an active variable;
inactive variables should cause a rebuild of environ, otherwise, exec()'d
processes will be missing a variable in environ that has been unset then
set.

Submitted by: Taku Yamamoto <[email protected]>
Reviewed by: ache
Approved by: wes (mentor)
Approved by: re (kensmith)

show more ...