Hi,
Here's a patch fixing a null pointer dereference when PATH is unset in
doas env.
This doesn't get triggered by OpenBSD libc strdup on amd64 though.
Index: usr.bin/doas//env.c
===================================================================
RCS file: /var/cvs/src/usr.bin/doas/env.c,v
retrieving revision 1.10
diff -u -p -u -r1.10 env.c
--- usr.bin/doas//env.c 7 Jul 2019 19:21:28 -0000 1.10
+++ usr.bin/doas//env.c 6 Jan 2021 14:02:05 -0000
@@ -92,6 +92,7 @@ createenv(const struct rule *rule, const
NULL
};
struct env *env;
+ char *p;
u_int i;
env = malloc(sizeof(*env));
@@ -100,10 +101,12 @@ createenv(const struct rule *rule, const
RB_INIT(&env->root);
env->count = 0;
+ p = getenv("PATH");
+
addnode(env, "DOAS_USER", mypw->pw_name);
addnode(env, "HOME", targpw->pw_dir);
addnode(env, "LOGNAME", targpw->pw_name);
- addnode(env, "PATH", getenv("PATH"));
+ addnode(env, "PATH", p ? p : "");
addnode(env, "SHELL", targpw->pw_shell);
addnode(env, "USER", targpw->pw_name);
