Date: Wed, 25 Apr 2001 18:27:16 -0400 (EDT) From: "Andrew R. Reiter" <arr@watson.org> To: freebsd-audit@FreeBSD.org Subject: audit work: libc's setenv() and putenv() Message-ID: <Pine.NEB.3.96L.1010425182146.42833A-200000@fledge.watson.org>
next in thread | raw e-mail | index | archive | help
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Send mail to mime@docserver.cac.washington.edu for more info.
--0-651953887-988237636=:42833
Content-Type: TEXT/PLAIN; charset=US-ASCII
hi,
i found a small stupid issue with putenv() in our libc, as well as
OpenBSD's... basically if you do:
putenv("=bleh"); /* incorrect usage */
it will not return a -1 error value, but instead return 0. Attached is a
patch which does a couple of fixes:
- assertion (not using assert()) checks on the arguments being passed to
setenv and putenv because both with core if any of the const char *'s are
NULL.
- assertion checks on values being passed to setenv() from putenv().
I was kind of uncertain as to whether or not such assertion checks should
be done in the libc code, but I found some sanity checks in other
functions so I figured it was "OK."
Anyway, the diff is attached, but can also be found at:
http://www.watson.org/~arr/fbsd-audit/lib/libc/stdlib/
Thoughts?
Andrew
*-------------.................................................
| Andrew R. Reiter
| arr@fledge.watson.org
| "It requires a very unusual mind
| to undertake the analysis of the obvious" -- A.N. Whitehead
--0-651953887-988237636=:42833
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="environ.04252001.diff"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.NEB.3.96L.1010425182716.42833B@fledge.watson.org>
Content-Description:
LS0tIHB1dGVudi5jLm9yaWcJV2VkIEFwciAyNSAxMzozMTo0MiAyMDAxDQor
KysgcHV0ZW52LmMJV2VkIEFwciAyNSAxNDoxNDoyNiAyMDAxDQpAQCAtNDUs
NiArNDUsOCBAQA0KIAljaGFyICpwLCAqZXF1YWw7DQogCWludCBydmFsOw0K
IA0KKwlpZiAoc3RyID09IE5VTEwpDQorCQlyZXR1cm4oLTEpOw0KIAlpZiAo
KHAgPSBzdHJkdXAoc3RyKSkgPT0gTlVMTCkNCiAJCXJldHVybiAoLTEpOw0K
IAlpZiAoKGVxdWFsID0gaW5kZXgocCwgJz0nKSkgPT0gTlVMTCkgew0KQEAg
LTUyLDYgKzU0LDggQEANCiAJCXJldHVybiAoLTEpOw0KIAl9DQogCSplcXVh
bCA9ICdcMCc7DQorCWlmIChzdHJsZW4ocCkgPT0gMCB8fCBzdHJsZW4oZXF1
YWwgKyAxKSA9PSAwKQ0KKwkJcmV0dXJuKC0xKTsNCiAJcnZhbCA9IHNldGVu
dihwLCBlcXVhbCArIDEsIDEpOw0KIAkodm9pZClmcmVlKHApOw0KIAlyZXR1
cm4gKHJ2YWwpOw0KLS0tIHNldGVudi5jLm9yaWcJV2VkIEFwciAyNSAxMzo0
MzoyMSAyMDAxDQorKysgc2V0ZW52LmMJV2VkIEFwciAyNSAxMzo0NjoyNyAy
MDAxDQpAQCAtNjAsNiArNjAsOSBAQA0KIAlyZWdpc3RlciBjaGFyICpjOw0K
IAlpbnQgbF92YWx1ZSwgb2Zmc2V0Ow0KIA0KKwlpZiAobmFtZSA9PSBOVUxM
IHx8IHZhbHVlID09IE5VTEwpDQorIAkJcmV0dXJuKC0xKTsNCisNCiAJaWYg
KCp2YWx1ZSA9PSAnPScpCQkJLyogbm8gYD0nIGluIHZhbHVlICovDQogCQkr
K3ZhbHVlOw0KIAlsX3ZhbHVlID0gc3RybGVuKHZhbHVlKTsNCg==
--0-651953887-988237636=:42833--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1010425182146.42833A-200000>