Refactor the setuid sandbox client code to its own class.

sandbox/linux/suid/common/suid_unsafe_environment_variables.h

Index: sandbox/linux/suid/common/suid_unsafe_environment_variables.h
diff --git a/sandbox/linux/suid/suid_unsafe_environment_variables.h b/sandbox/linux/suid/common/suid_unsafe_environment_variables.h
similarity index 85%
rename from sandbox/linux/suid/suid_unsafe_environment_variables.h
rename to sandbox/linux/suid/common/suid_unsafe_environment_variables.h
index 4e3329f439357308fc227318b30aa09e8c4b2f11..ee4db76c299a239077767af6e5a24907b63580bb 100644
--- a/sandbox/linux/suid/suid_unsafe_environment_variables.h
+++ b/sandbox/linux/suid/common/suid_unsafe_environment_variables.h
@@ -16,6 +16,14 @@
 #ifndef SANDBOX_LINUX_SUID_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_
 #define SANDBOX_LINUX_SUID_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_
 
+#if defined(__cplusplus)
+#include <limits>
+#define SIZE_MAX std::numeric_limits<size_t>::max()
+#endif
+
+#include <stdlib.h>  // malloc
+#include <string.h>  // memcpy
+
 static const char* kSUIDUnsafeEnvironmentVariables[] = {
   "LD_AOUT_LIBRARY_PATH",
   "LD_AOUT_PRELOAD",
@@ -48,8 +56,12 @@ static const char* kSUIDUnsafeEnvironmentVariables[] = {
 // name for a given environment variable.
 static inline char* SandboxSavedEnvironmentVariable(const char* envvar) {
   const size_t envvar_len = strlen(envvar);
+
+  if (envvar_len > SIZE_MAX - 1 -8)
+    return NULL;
+
   const size_t saved_envvarlen = envvar_len + 1 /* NUL terminator */ +
-                                 8 /* strlen("SANDBOX_") */;
+                                              8 /* strlen("SANDBOX_") */;
   char* const saved_envvar = (char*) malloc(saved_envvarlen);
   if (!saved_envvar)
     return NULL;
@@ -61,4 +73,8 @@ static inline char* SandboxSavedEnvironmentVariable(const char* envvar) {
   return saved_envvar;
 }
 
+#if defined(__cplusplus)
+#undef SIZE_MAX
+#endif
+
 #endif  // SANDBOX_LINUX_SUID_SUID_UNSAFE_ENVIRONMENT_VARIABLES_H_