Date:      Fri, 13 Jul 2007 14:39:30 -0500 (CDT)
From:      "Sean C. Farley" <scf@FreeBSD.org>
To:        Andrey Chernov <ache@nagual.pp.ru>
Cc:        freebsd-current <freebsd-current@FreeBSD.org>
Subject:   Re: Environment handling broken in /bin/sh with changes to {get,set,put}env()
Message-ID:  <20070713142545.K26096@thor.farley.org>
In-Reply-To: <20070713162742.GA16260@nagual.pp.ru>
References:  <20070704215154.O77978@thor.farley.org> <20070705115816.GA50506@nagual.pp.ru> <20070705105922.F98700@thor.farley.org> <20070707130859.GA96605@nagual.pp.ru> <20070707131359.GB96605@nagual.pp.ru> <20070707133102.C14065@thor.farley.org> <20070707191835.GA4368@nagual.pp.ru> <20070707205410.B14065@thor.farley.org> <20070708020940.GA80166@nagual.pp.ru> <20070708171727.GA90490@nagual.pp.ru> <20070713162742.GA16260@nagual.pp.ru>

On Fri, 13 Jul 2007, Andrey Chernov wrote:

> On Sun, Jul 08, 2007 at 09:17:27PM +0400, Andrey Chernov wrote:

*snip*

> [snip]
>
> I found another breakage case not covered by your last getenv() fix.
> Take this simple program:
>
> -- a.c ---------------------------------------------------------------
> #include <stdlib.h>
> extern char **environ;
>
> main () {
>
> static char *nenv[2];
>
> nenv[0] = "PATH=/bin";
> nenv[1] = NULL;
>
> /*
>   environ = nenv;
>   unsetenv("PATH"); or something like it
>   which touches the '=' char in nenv[0]
> */
>
> nenv[0][4] = '\0';
>
> }
> -- a.c ---------------------------------------------------------------

*snip*

> As you may see, compiler puts "PATH=/bin" to the program's .rodata
> section which is placed to read only memory.
>
> If later you'll modify this single "PATH=/bin" (comes from "nenv" now)
> by
> *equals = '\0';
> ...
> *equals = '=';
> core dump happens, which simulated in my simple a.c example by
> nenv[0][4] = '\0';
>
> Just run it and got core dump.

FreeBSD 6 will also dump if the length of the value was less than or
equal to "/bin" since it reuses this string.  This will core dump:

nenv[0] = "PATH=/bin";
nenv[1] = NULL;
environ = nenv;
setenv("PATH", "/bin", 1);

Sean
-- 
scf@FreeBSD.org
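
An added example, not code from this thread or from FreeBSD's libc: one way to look up and replace an entry in an environment array without ever writing to the existing "NAME=value" string, so it stays safe when that string is a literal in read-only memory as in a.c above. The helper names env_find and env_replace are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return a pointer to the value of `name` in envp, or NULL if absent.
 * Read-only: compares up to '=' instead of temporarily overwriting it,
 * so it is safe when entries are string literals in .rodata. */
static const char *env_find(char *const *envp, const char *name, size_t *idx)
{
    size_t nlen = strlen(name);

    for (size_t i = 0; envp != NULL && envp[i] != NULL; i++) {
        if (strncmp(envp[i], name, nlen) == 0 && envp[i][nlen] == '=') {
            if (idx != NULL)
                *idx = i;
            return envp[i] + nlen + 1;
        }
    }
    return NULL;
}

/* Replace an existing variable by swapping in a freshly allocated
 * "NAME=value" string. The old entry is never written to or freed,
 * because its storage may be read-only or owned by the caller.
 * Returns 0 on success, -1 if the name is absent or malloc fails. */
static int env_replace(char **envp, const char *name, const char *value)
{
    size_t idx = 0, len;
    char *entry;

    if (env_find(envp, name, &idx) == NULL)
        return -1;
    len = strlen(name) + 1 + strlen(value) + 1;
    if ((entry = malloc(len)) == NULL)
        return -1;
    snprintf(entry, len, "%s=%s", name, value);
    envp[idx] = entry;          /* pointer swap only, no in-place edit */
    return 0;
}

int main(void)
{
    static char *nenv[2];
    nenv[0] = "PATH=/bin";      /* string literal, as in the thread's a.c */
    nenv[1] = NULL;
    if (env_replace(nenv, "PATH", "/bin") == 0)
        printf("PATH=%s\n", env_find(nenv, "PATH", NULL));
    return 0;
}
```
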


