For putenv(3), return an error if string starts with a '=' character.

Both FreeBSD and NetBSD have this behavior.  OK deraadt@

2 files changed, 10 insertions, 5 deletions

diff --git a/src/lib/libc/stdlib/getenv.3 b/src/lib/libc/stdlib/getenv.3
index 1654d4257c..5a219a5c03 100644
--- a/src/lib/libc/stdlib/getenv.3
+++ b/src/lib/libc/stdlib/getenv.3
@@ -29,9 +29,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     $OpenBSD: getenv.3,v 1.22 2022/07/25 02:25:55 jsg Exp $
+.\"     $OpenBSD: getenv.3,v 1.23 2022/08/08 22:40:03 millert Exp $
 .\"
-.Dd $Mdocdate: July 25 2022 $
+.Dd $Mdocdate: August 8 2022 $
 .Dt GETENV 3
 .Os
 .Sh NAME
@@ -133,6 +133,10 @@ function was passed a
 .Ar string
 that did not contain an
 .Sq =
+character, or was passed a
+.Ar string
+that started with the
+.Sq =
 character.
 .It Bq Er ENOMEM
 The
diff --git a/src/lib/libc/stdlib/setenv.c b/src/lib/libc/stdlib/setenv.c
index 15c550ba30..fc8e5b677f 100644
--- a/src/lib/libc/stdlib/setenv.c
+++ b/src/lib/libc/stdlib/setenv.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: setenv.c,v 1.19 2016/09/21 04:38:56 guenther Exp $ */
+/*      $OpenBSD: setenv.c,v 1.20 2022/08/08 22:40:03 millert Exp $ */
 /*
  * Copyright (c) 1987 Regents of the University of California.
  * All rights reserved.
@@ -48,9 +48,10 @@ putenv(char *str)
 
         for (cp = str; *cp && *cp != '='; ++cp)
                 ;
-        if (*cp != '=') {
+        if (cp == str || *cp != '=') {
+                /* '=' is the first character of string or is missing. */
                 errno = EINVAL;
-                return (-1);                    /* missing `=' in string */
+                return (-1);
         }
 
         if (__findenv(str, (int)(cp - str), &offset) != NULL) {