From 471a7be7a042e95e440f5de969c9765214ae8d6e Mon Sep 17 00:00:00 2001
From: Wolfgang Denk <wd@denx.de>
Date: Sat, 28 Oct 2006 01:14:32 +0200
Subject: Check for illegal character '=' in environment variable names.

Make sure the string passed as variable name does not contain a '='
character. This not only prevents the common error or typing
"setenv foo=bar" instead of "setenv foo bar", but (more importantly)
also closes a backdoor which allowed to delete write-protected
environment variables, for example by using "setenv ethaddr=".
---
 common/cmd_nvedit.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'common/cmd_nvedit.c')

diff --git a/common/cmd_nvedit.c b/common/cmd_nvedit.c
index 6257fbd23..d3f50f87f 100644
--- a/common/cmd_nvedit.c
+++ b/common/cmd_nvedit.c
@@ -167,6 +167,11 @@ int _do_setenv (int flag, int argc, char *argv[])
 
 	name = argv[1];
 
+	if (strchr(name, '=')) {
+		printf ("## Error: illegal character '=' in variable name \"%s\"\n", name);
+		return 1;
+	}
+
 	/*
 	 * search if variable with this name already exists
 	 */
-- 
cgit v1.2.3