Use foreach loop to match setuid unsafe env vars.
Change-Id: I1e94daefac8e601281f38c7ce29ba3172a4a60bb
diff --git a/libc/bionic/libc_init_common.cpp b/libc/bionic/libc_init_common.cpp
index f59fa67..3bbb210 100644
--- a/libc/bionic/libc_init_common.cpp
+++ b/libc/bionic/libc_init_common.cpp
@@ -237,38 +237,37 @@
static bool __is_unsafe_environment_variable(const char* name) {
// None of these should be allowed in setuid programs.
- static const char* const UNSAFE_VARIABLE_NAMES[] = {
- "GCONV_PATH",
- "GETCONF_DIR",
- "HOSTALIASES",
- "JE_MALLOC_CONF",
- "LD_AOUT_LIBRARY_PATH",
- "LD_AOUT_PRELOAD",
- "LD_AUDIT",
- "LD_DEBUG",
- "LD_DEBUG_OUTPUT",
- "LD_DYNAMIC_WEAK",
- "LD_LIBRARY_PATH",
- "LD_ORIGIN_PATH",
- "LD_PRELOAD",
- "LD_PROFILE",
- "LD_SHOW_AUXV",
- "LD_USE_LOAD_BIAS",
- "LOCALDOMAIN",
- "LOCPATH",
- "MALLOC_CHECK_",
- "MALLOC_CONF",
- "MALLOC_TRACE",
- "NIS_PATH",
- "NLSPATH",
- "RESOLV_HOST_CONF",
- "RES_OPTIONS",
- "TMPDIR",
- "TZDIR",
- nullptr
+ static constexpr const char* UNSAFE_VARIABLE_NAMES[] = {
+ "GCONV_PATH",
+ "GETCONF_DIR",
+ "HOSTALIASES",
+ "JE_MALLOC_CONF",
+ "LD_AOUT_LIBRARY_PATH",
+ "LD_AOUT_PRELOAD",
+ "LD_AUDIT",
+ "LD_DEBUG",
+ "LD_DEBUG_OUTPUT",
+ "LD_DYNAMIC_WEAK",
+ "LD_LIBRARY_PATH",
+ "LD_ORIGIN_PATH",
+ "LD_PRELOAD",
+ "LD_PROFILE",
+ "LD_SHOW_AUXV",
+ "LD_USE_LOAD_BIAS",
+ "LOCALDOMAIN",
+ "LOCPATH",
+ "MALLOC_CHECK_",
+ "MALLOC_CONF",
+ "MALLOC_TRACE",
+ "NIS_PATH",
+ "NLSPATH",
+ "RESOLV_HOST_CONF",
+ "RES_OPTIONS",
+ "TMPDIR",
+ "TZDIR",
};
- for (size_t i = 0; UNSAFE_VARIABLE_NAMES[i] != nullptr; ++i) {
- if (env_match(name, UNSAFE_VARIABLE_NAMES[i]) != nullptr) {
+ for (const auto& unsafe_variable_name : UNSAFE_VARIABLE_NAMES) {
+ if (env_match(name, unsafe_variable_name) != nullptr) {
return true;
}
}