Check for illegal character '=' in environment variable names.
Make sure the string passed as variable name does not contain a '='
character. This not only prevents the common error of typing
"setenv foo=bar" instead of "setenv foo bar", but (more importantly)
also closes a backdoor which allowed deleting write-protected
environment variables, for example by using "setenv ethaddr=".
diff --git a/common/cmd_nvedit.c b/common/cmd_nvedit.c
index 6257fbd..d3f50f8 100644
--- a/common/cmd_nvedit.c
+++ b/common/cmd_nvedit.c
@@ -167,6 +167,11 @@
name = argv[1];
+ if (strchr(name, '=')) {
+ printf ("## Error: illegal character '=' in variable name \"%s\"\n", name);
+ return 1;
+ }
+
/*
* search if variable with this name already exists
*/
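Review bot: The new strchr(name, '=') test only covers the name taken from argv[1] at this point in cmd_nvedit.c, so the write-protection bypass described in the commit message is closed only for callers that reach the environment through this path. It is worth confirming that any other code that builds a "name=value" entry passes through this check, or moving the check into a shared helper. A one-line comment above the test saying that it protects write-protected variables such as ethaddr would also help, since the error message alone reads as a plain syntax check. As a style point, the printf line will run past 80 columns once indented; consider splitting the format string and the name argument across two lines.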