From: kevans <kevans@FreeBSD.org>
Date: Thu, 12 Sep 2019 14:34:46 +0000 (+0000)
Subject: Follow up r352244: kenv: tighten up assertions
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=ae79efc996938c6c6d4e06e456a54e66b30d9ebd;p=freebsd.git

Follow up r352244: kenv: tighten up assertions

As I like to forget: static kenv var formatting is actually such that an
empty environment would be double null bytes. We should make sure that a
non-zero buffer has at least enough for this, though most of the current
usage is with a 4k buffer.
---

diff --git a/sys/kern/kern_environment.c b/sys/kern/kern_environment.c
index f7be09b6eb7..7c36a24ff75 100644
--- a/sys/kern/kern_environment.c
+++ b/sys/kern/kern_environment.c
@@ -250,7 +250,15 @@ init_static_kenv(char *buf, size_t len)
 	char *eval;
 
 	KASSERT(!dynamic_kenv, ("kenv: dynamic_kenv already initialized"));
-	KASSERT(len == 0 || *buf == '\0',
+	/*
+	 * Suitably sized means it must be able to hold at least one empty
+	 * variable, otherwise things go belly up if a kern_getenv call is
+	 * made without a prior call to kern_setenv as we have a malformed
+	 * environment.
+	 */
+	KASSERT(len == 0 || len >= 2,
+	    ("kenv: static env must be initialized or suitably sized"));
+	KASSERT(len == 0 || (*buf == '\0' && *(buf + 1) == '\0'),
 	    ("kenv: sized buffer must be initially empty"));
 
 	/*