pppd: Don't try to free(NULL - 1)

A logic bug in update_script_environment() means that it can call
remove_script_env() even when the variable being removed is not
present in the script_env array.  The result of that is that
remove_script_env() will call free() with argument NULL - 1.
To fix this, we avoid calling remove_script_env() in this case.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

diff --git a/pppd/main.c b/pppd/main.c
index 76b67d2485b71ce4dc11c6a9cd7ecfd2293f21d9..e09b6ffcce32bd06389d91da6276f24c1e009007 100644 (file)
--- a/pppd/main.c
+++ b/pppd/main.c
@@ -1751,7 +1751,7 @@ update_script_environment()
                script_env[i] = newstring;
            else
                add_script_env(i, newstring);
-       } else {
+       } else if (p != NULL) {
            remove_script_env(i);
        }
     }