From 9840d4a4a3952b64c3954f46694913e6d6b17ba4 Mon Sep 17 00:00:00 2001
From: nicm
Date: Mon, 27 Apr 2026 12:31:11 +0000
Subject: [PATCH] Add a limit on maximum length of environment variable assignment in configuration files.
---
 cmd-parse.y | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/cmd-parse.y b/cmd-parse.y
index 542f37d1..0b32f5d3 100644
--- a/cmd-parse.y
+++ b/cmd-parse.y
@@ -37,6 +37,8 @@ static void printflike(1,2) yyerror(const char *, ...);
 static char *yylex_token(int);
 static char *yylex_format(void);
+#define CMD_PARSE_MAX_ENVIRON_LEN 16384
+
 struct cmd_parse_scope {
 int flag;
 TAILQ_ENTRY (cmd_parse_scope) entry;
@@ -232,6 +234,10 @@ assignment : EQUALS
 flag = flag && scope->flag;
 }
+ if (strlen($1) > CMD_PARSE_MAX_ENVIRON_LEN) {
+ yyerror("environment variable is too long");
+ YYABORT;
+ }
 if ((~flags & CMD_PARSE_PARSEONLY) && flag)
 environ_put(global_environ, $1, 0);
 free($1);
@@ -250,6 +256,10 @@ hidden_assignment : HIDDEN EQUALS
 flag = flag && scope->flag;
 }
+ if (strlen($2) > CMD_PARSE_MAX_ENVIRON_LEN) {
+ yyerror("environment variable is too long");
+ YYABORT;
+ }
 if ((~flags & CMD_PARSE_PARSEONLY) && flag)
 environ_put(global_environ, $2, ENVIRON_HIDDEN);
 free($2);
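Review bot: `CMD_PARSE_MAX_ENVIRON_LEN` in the first hunk is added without a comment saying what it measures. Both checks that use it compare `strlen()` of the whole token handed to `environ_put()`, so the limit appears to cover name, `=` and value together rather than the value alone, and a token of exactly 16384 bytes is still accepted because the comparison is `>`. A one-line comment above the define would pin that down, for example `/* Maximum bytes in one NAME=value assignment token, excluding the NUL. */`. It would also help to say whether 16384 tracks some external limit or is simply a chosen ceiling, since that cannot be told from the hunk.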
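Review bot: In the `assignment` hunk the new error branch reaches `YYABORT` before the existing `free($1)` a few lines further down, so the over-long string is not released on that path unless the parser frees token values by some mechanism not visible here. The branch only fires for strings above 16384 bytes, so each rejected line leaks at least that much, which adds up if the same input is parsed repeatedly. Adding `free($1);` ahead of `YYABORT;` closes it, and the `hidden_assignment` hunk needs the same with `free($2);`. The action body starts above the hunk, so any cleanup done earlier in it is not visible.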
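Review bot: The length check in `hidden_assignment` sits ahead of the `(~flags & CMD_PARSE_PARSEONLY) && flag` test, so an over-long assignment aborts the whole parse even when `flag` is false and the assignment would have been skipped; the `assignment` hunk has the same ordering. Rejecting in parse-only mode looks deliberate, but failing on a branch whose scope is disabled is a behaviour change that the commit message does not mention. If it is intended, a comment at the check such as `/* Checked even when the scope is inactive. */` would record that; otherwise the test could be folded into the existing `if` so only applied assignments are limited. The action body begins outside the hunk.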