Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 26 Apr 2001 19:23:53 -0400 (EDT)
From:      "Andrew R. Reiter" <arr@watson.org>
To:        freebsd-audit@FreeBSD.ORG
Subject:   Re: audit work:  libc's setenv() and putenv()
Message-ID:  <Pine.NEB.3.96L.1010426191933.61693A-100000@fledge.watson.org>
In-Reply-To: <Pine.NEB.3.96L.1010425182146.42833A-200000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help 


Although, the actions of putenv("=blah"); returning 0 seems weird and
after talking to Theo a bit.. I've kind of decided to retract this patch
:-)

Basically, the sanity checks should not be there.. which I was questioning
anyway (check below).  Also, since openbsd, solaris _and_ freebsd all do
the returning of 0 on the above call, then I think it would be bad to
change this functionality.  

anyway, if people think otherwise, interject!

andrew



On Wed, 25 Apr 2001, Andrew R. Reiter wrote:

> hi,
> 
> i found a small stupid issue with putenv() in our libc, as well as
> OpenBSD's... basically if you do:
> 
>   putenv("=bleh");	/* incorrect usage */
> 
> it will not return a -1 error value, but instead return 0.  Attached is a
> patch which does a couple of fixes:
> 
>   - assertion (not using assert()) checks on the arguments being passed to
> setenv and putenv because both with core if any of the const char *'s are
> NULL.
>   - assertion checks on values being passed to setenv() from putenv().
> 
> I was kind of uncertain as to whether or not such assertion checks should
> be done in the libc code, but I found some sanity checks in other
> functions so I figured it was "OK." 
> 
> Anyway, the diff is attached, but can also be found at:
> http://www.watson.org/~arr/fbsd-audit/lib/libc/stdlib/
> 
> Thoughts?
> 
> Andrew
> 
> *-------------.................................................
> | Andrew R. Reiter 
> | arr@fledge.watson.org
> | "It requires a very unusual mind
> |   to undertake the analysis of the obvious" -- A.N. Whitehead
> 

*-------------.................................................
| Andrew R. Reiter 
| arr@fledge.watson.org
| "It requires a very unusual mind
|   to undertake the analysis of the obvious" -- A.N. Whitehead


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1010426191933.61693A-100000>