From 343d1c49535b4d33b383f34d03a3ca1d2681c442 Mon Sep 17 00:00:00 2001
From: Elliott Hughes <enh@google.com>
Date: Thu, 26 Oct 2017 18:22:43 -0700
Subject: [PATCH] Don't allow LIBC_DEBUG_MALLOC_OPTIONS to cross security
 boundaries.

Bug: http://b/68003719
Test: LIBC_DEBUG_MALLOC_OPTIONS=isbad1 MALLOC_CONF=isbad2 su 0 /system/bin/sh -c '/system/bin/echo opt=$LIBC_DEBUG_MALLOC_OPTIONS conf=$MALLOC_CONF'
Change-Id: I796cc21b230a96cb0ed87d02ddcb1706a7749a90
---
 libc/bionic/libc_init_common.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libc/bionic/libc_init_common.cpp b/libc/bionic/libc_init_common.cpp
index 48fd670a7..c22f5718e 100644
--- a/libc/bionic/libc_init_common.cpp
+++ b/libc/bionic/libc_init_common.cpp
@@ -261,6 +261,7 @@ static bool __is_unsafe_environment_variable(const char* name) {
     "LD_PROFILE",
     "LD_SHOW_AUXV",
     "LD_USE_LOAD_BIAS",
+    "LIBC_DEBUG_MALLOC_OPTIONS",
     "LOCALDOMAIN",
     "LOCPATH",
     "MALLOC_CHECK_",