From owner-freebsd-audit  Thu Apr 26 16:23:27 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id 6E66137B424
	for <freebsd-audit@FreeBSD.ORG>; Thu, 26 Apr 2001 16:23:23 -0700 (PDT)
	(envelope-from arr@watson.org)
Received: from localhost (arr@localhost)
	by fledge.watson.org (8.11.3/8.11.3) with SMTP id f3QNNrA61757
	for <freebsd-audit@FreeBSD.ORG>; Thu, 26 Apr 2001 19:23:54 -0400 (EDT)
	(envelope-from arr@watson.org)
Date: Thu, 26 Apr 2001 19:23:53 -0400 (EDT)
From: "Andrew R. Reiter" <arr@watson.org>
To: freebsd-audit@FreeBSD.ORG
Subject: Re: audit work:  libc's setenv() and putenv()
In-Reply-To: <Pine.NEB.3.96L.1010425182146.42833A-200000@fledge.watson.org>
Message-ID: <Pine.NEB.3.96L.1010426191933.61693A-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


Although, the actions of putenv("=blah"); returning 0 seems weird and
after talking to Theo a bit.. I've kind of decided to retract this patch
:-)

Basically, the sanity checks should not be there.. which I was questioning
anyway (check below).  Also, since openbsd, solaris _and_ freebsd all do
the returning of 0 on the above call, then I think it would be bad to
change this functionality.  

anyway, if people think otherwise, interject!

andrew



On Wed, 25 Apr 2001, Andrew R. Reiter wrote:

> hi,
> 
> i found a small stupid issue with putenv() in our libc, as well as
> OpenBSD's... basically if you do:
> 
>   putenv("=bleh");	/* incorrect usage */
> 
> it will not return a -1 error value, but instead return 0.  Attached is a
> patch which does a couple of fixes:
> 
>   - assertion (not using assert()) checks on the arguments being passed to
> setenv and putenv because both with core if any of the const char *'s are
> NULL.
>   - assertion checks on values being passed to setenv() from putenv().
> 
> I was kind of uncertain as to whether or not such assertion checks should
> be done in the libc code, but I found some sanity checks in other
> functions so I figured it was "OK." 
> 
> Anyway, the diff is attached, but can also be found at:
> http://www.watson.org/~arr/fbsd-audit/lib/libc/stdlib/
> 
> Thoughts?
> 
> Andrew
> 
> *-------------.................................................
> | Andrew R. Reiter 
> | arr@fledge.watson.org
> | "It requires a very unusual mind
> |   to undertake the analysis of the obvious" -- A.N. Whitehead
> 

*-------------.................................................
| Andrew R. Reiter 
| arr@fledge.watson.org
| "It requires a very unusual mind
|   to undertake the analysis of the obvious" -- A.N. Whitehead


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message