From b5a2fd5ca2cd00b564d829c352d825902fba13a0 Mon Sep 17 00:00:00 2001
From: Paul Mackerras <paulus@ozlabs.org>
Date: Sat, 23 Jun 2018 17:26:42 +1000
Subject: [PATCH] pppd: Don't try to free(NULL - 1)

A logic bug in update_script_environment() means that it can call
remove_script_env() even when the variable being removed is not
present in the script_env array.  The result of that is that
remove_script_env() will call free() with argument NULL - 1.
To fix this, we avoid calling remove_script_env() in this case.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
---
 pppd/main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pppd/main.c b/pppd/main.c
index 76b67d2..e09b6ff 100644
--- a/pppd/main.c
+++ b/pppd/main.c
@@ -1751,7 +1751,7 @@ update_script_environment()
 		script_env[i] = newstring;
 	    else
 		add_script_env(i, newstring);
-	} else {
+	} else if (p != NULL) {
 	    remove_script_env(i);
 	}
     }
-- 
2.39.2