X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/bc3c7bb7d4aba3e563434e5627fe1f2176aa18c0..1d28cc061677bd07d9bed48dd84bd5c590247043:/src/src/environment.c

diff --git a/src/src/environment.c b/src/src/environment.c
index aaa84f817..68adf3c0c 100644
--- a/src/src/environment.c
+++ b/src/src/environment.c
@@ -5,10 +5,13 @@
 /* Copyright (c) Heiko Schlittermann 2016
  * hs@schlittermann.de
  * See the file NOTICE for conditions of use and distribution.
+ * SPDX-License-Identifier: GPL-2.0-or-later
  */
 
 #include "exim.h"
 
+extern char **environ;
+
 /* The cleanup_environment() function is used during the startup phase
 of the Exim process, right after reading the configurations main
 part, before any expansions take place. It retains the environment
@@ -22,33 +25,60 @@ Returns:    TRUE if successful
 BOOL
 cleanup_environment()
 {
+int old_pool = store_pool;
+store_pool = POOL_PERM;		/* Need perm memory for any created env vars */
+
 if (!keep_environment || *keep_environment == '\0')
-  clearenv();
+  {
+  /* From: https://github.com/dovecot/core/blob/master/src/lib/env-util.c#L55
+  Try to clear the environment.
+  a) environ = NULL crashes on OS X.
+  b) *environ = NULL doesn't work on FreeBSD 7.0.
+  c) environ = emptyenv doesn't work on Haiku OS
+  d) environ = calloc() should work everywhere */
+
+  if (environ) *environ = NULL;
+
+  }
 else if (Ustrcmp(keep_environment, "*") != 0)
   {
-  uschar **p;
-  if (environ) for (p = USS environ; *p; /* see below */)
+  rmark reset_point = store_mark();
+  if (environ) for (uschar ** p = USS environ; *p; /* see below */)
     {
-    uschar *name = string_copyn(*p, US Ustrchr(*p, '=') - *p);
+    /* It's considered broken if we do not find the '=', according to
+    Florian Weimer. For now we ignore such strings. unsetenv() would complain,
+    getenv() would complain. */
+    uschar * eqp = Ustrchr(*p, '=');
 
-    if (OK != match_isinlist(name, CUSS &keep_environment,
-        0, NULL, NULL, MCL_NOEXPAND, FALSE, NULL))
-      if (unsetenv(CS name) < 0) return FALSE;
-      else /* nothing */;
-    else
-      p++;
+    if (eqp)
+      {
+      uschar * name = string_copyn(*p, eqp - *p);
 
-    store_reset(name);
+      if (OK != match_isinlist(name, CUSS &keep_environment,
+          0, NULL, NULL, MCL_NOEXPAND, FALSE, NULL))
+        if (os_unsetenv(name) < 0) return FALSE;
+        else p = USS environ; /* RESTART from the beginning */
+      else p++;
+      }
     }
+  store_reset(reset_point);
   }
 if (add_environment)
   {
-    uschar *p;
-    int sep = 0;
-    const uschar* envlist = add_environment;
-    while ((p = string_nextinlist(&envlist, &sep, NULL, 0)))
-        putenv(CS p);
+  uschar * p;
+  int sep = 0;
+  const uschar * envlist = add_environment;
+
+  while ((p = string_nextinlist(&envlist, &sep, NULL, 0)))
+    {
+    DEBUG(D_expand) debug_printf("adding %s\n", p);
+    putenv(CS p);
+    }
   }
+#ifndef DISABLE_TLS
+tls_clean_env();
+#endif
 
-  return TRUE;
+store_pool = old_pool;
+return TRUE;
 }