From 4db1709f774e88a8fc82a91f093337c1122563e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Erik=20Sj=C3=B6lund?= <erik.sjolund@gmail.com>
Date: Fri, 13 Mar 2026 08:08:16 +0100
Subject: [PATCH] libcrun: check setenv failure
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes: https://github.com/containers/crun/issues/1998

Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
---
 src/libcrun/container.c | 9 ++++++---
 src/libcrun/utils.c     | 6 ++++--
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/libcrun/container.c b/src/libcrun/container.c
index 16af03b45f..7431862ed0 100644
--- a/src/libcrun/container.c
+++ b/src/libcrun/container.c
@@ -1176,8 +1176,9 @@ setup_environment (runtime_spec_schema_config_schema *def, uid_t container_uid,
       ret = set_home_env (container_uid);
       if (UNLIKELY (ret < 0))
         {
-          setenv ("HOME", "/", 1);
           libcrun_warning ("cannot detect HOME environment variable, setting default");
+          if (UNLIKELY (setenv ("HOME", "/", 1) < 0))
+            return crun_make_error (err, errno, "setenv HOME");
         }
     }
 
@@ -1402,8 +1403,9 @@ container_init_setup (void *args, pid_t own_pid, char *notify_socket,
   /* Set primary process to 1 explicitly if nothing is configured and LISTEN_FD is not set.  */
   if (entrypoint_args->context->listen_fds > 0 && getenv ("LISTEN_PID") == NULL)
     {
-      setenv ("LISTEN_PID", "1", 1);
       libcrun_warning ("setting LISTEN_PID=1 since no previous configuration was found");
+      if (UNLIKELY (setenv ("LISTEN_PID", "1", 1) < 0))
+        return crun_make_error (err, errno, "setenv LISTENPID");
     }
 
   /* Attempt to chdir immediately here, before doing the setresuid.  If we fail here, let's
@@ -3690,8 +3692,9 @@ exec_process_entrypoint (libcrun_context_t *context,
       ret = set_home_env (container_uid);
       if (UNLIKELY (ret < 0))
         {
-          setenv ("HOME", "/", 1);
           libcrun_warning ("cannot detect HOME environment variable, setting default");
+          if (UNLIKELY (setenv ("HOME", "/", 1) < 0))
+            return crun_make_error (err, errno, "setenv HOME");
         }
     }
 
diff --git a/src/libcrun/utils.c b/src/libcrun/utils.c
index 277d7f42ca..0d284876a8 100644
--- a/src/libcrun/utils.c
+++ b/src/libcrun/utils.c
@@ -1482,8 +1482,10 @@ set_home_env (uid_t id)
 
       if (ret_pw && ret_pw->pw_uid == id)
         {
-          setenv ("HOME", ret_pw->pw_dir, 1);
-          return 0;
+          if (UNLIKELY (setenv ("HOME", ret_pw->pw_dir, 1) < 0))
+            OOM ();
+          else
+            return 0;
         }
     }
 }