From: Wolfgang Denk <wd@denx.de>
Date: Fri, 27 Oct 2006 23:14:32 +0000 (+0200)
Subject: Check for illegal character '=' in environment variable names.
X-Git-Tag: U-Boot-1_1_6~6
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=471a7be7a042e95e440f5de969c9765214ae8d6e;p=u-boot

Check for illegal character '=' in environment variable names.

Make sure the string passed as variable name does not contain a '='
character. This not only prevents the common error or typing
"setenv foo=bar" instead of "setenv foo bar", but (more importantly)
also closes a backdoor which allowed to delete write-protected
environment variables, for example by using "setenv ethaddr=".
---

diff --git a/common/cmd_nvedit.c b/common/cmd_nvedit.c
index 6257fbd23e..d3f50f87f3 100644
--- a/common/cmd_nvedit.c
+++ b/common/cmd_nvedit.c
@@ -167,6 +167,11 @@ int _do_setenv (int flag, int argc, char *argv[])
 
 	name = argv[1];
 
+	if (strchr(name, '=')) {
+		printf ("## Error: illegal character '=' in variable name \"%s\"\n", name);
+		return 1;
+	}
+
 	/*
 	 * search if variable with this name already exists
 	 */