From owner-freebsd-audit Wed Apr 25 15:26:49 2001 Delivered-To: freebsd-audit@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 3E5D737B43E for ; Wed, 25 Apr 2001 15:26:46 -0700 (PDT) (envelope-from arr@watson.org) Received: from localhost (arr@localhost) by fledge.watson.org (8.11.3/8.11.3) with SMTP id f3PMRGU42882 for ; Wed, 25 Apr 2001 18:27:17 -0400 (EDT) (envelope-from arr@watson.org) Date: Wed, 25 Apr 2001 18:27:16 -0400 (EDT) From: "Andrew R. Reiter" To: freebsd-audit@FreeBSD.org Subject: audit work: libc's setenv() and putenv() Message-ID: MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="0-651953887-988237636=:42833" Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mime@docserver.cac.washington.edu for more info. --0-651953887-988237636=:42833 Content-Type: TEXT/PLAIN; charset=US-ASCII hi, i found a small stupid issue with putenv() in our libc, as well as OpenBSD's... basically if you do: putenv("=bleh"); /* incorrect usage */ it will not return a -1 error value, but instead return 0. Attached is a patch which does a couple of fixes: - assertion (not using assert()) checks on the arguments being passed to setenv and putenv because both with core if any of the const char *'s are NULL. - assertion checks on values being passed to setenv() from putenv(). I was kind of uncertain as to whether or not such assertion checks should be done in the libc code, but I found some sanity checks in other functions so I figured it was "OK." Anyway, the diff is attached, but can also be found at: http://www.watson.org/~arr/fbsd-audit/lib/libc/stdlib/ Thoughts? Andrew *-------------................................................. | Andrew R. Reiter | arr@fledge.watson.org | "It requires a very unusual mind | to undertake the analysis of the obvious" -- A.N. Whitehead --0-651953887-988237636=:42833 Content-Type: TEXT/PLAIN; charset=US-ASCII; name="environ.04252001.diff" Content-Transfer-Encoding: BASE64 Content-ID: Content-Description: LS0tIHB1dGVudi5jLm9yaWcJV2VkIEFwciAyNSAxMzozMTo0MiAyMDAxDQor KysgcHV0ZW52LmMJV2VkIEFwciAyNSAxNDoxNDoyNiAyMDAxDQpAQCAtNDUs NiArNDUsOCBAQA0KIAljaGFyICpwLCAqZXF1YWw7DQogCWludCBydmFsOw0K IA0KKwlpZiAoc3RyID09IE5VTEwpDQorCQlyZXR1cm4oLTEpOw0KIAlpZiAo KHAgPSBzdHJkdXAoc3RyKSkgPT0gTlVMTCkNCiAJCXJldHVybiAoLTEpOw0K IAlpZiAoKGVxdWFsID0gaW5kZXgocCwgJz0nKSkgPT0gTlVMTCkgew0KQEAg LTUyLDYgKzU0LDggQEANCiAJCXJldHVybiAoLTEpOw0KIAl9DQogCSplcXVh bCA9ICdcMCc7DQorCWlmIChzdHJsZW4ocCkgPT0gMCB8fCBzdHJsZW4oZXF1 YWwgKyAxKSA9PSAwKQ0KKwkJcmV0dXJuKC0xKTsNCiAJcnZhbCA9IHNldGVu dihwLCBlcXVhbCArIDEsIDEpOw0KIAkodm9pZClmcmVlKHApOw0KIAlyZXR1 cm4gKHJ2YWwpOw0KLS0tIHNldGVudi5jLm9yaWcJV2VkIEFwciAyNSAxMzo0 MzoyMSAyMDAxDQorKysgc2V0ZW52LmMJV2VkIEFwciAyNSAxMzo0NjoyNyAy MDAxDQpAQCAtNjAsNiArNjAsOSBAQA0KIAlyZWdpc3RlciBjaGFyICpjOw0K IAlpbnQgbF92YWx1ZSwgb2Zmc2V0Ow0KIA0KKwlpZiAobmFtZSA9PSBOVUxM IHx8IHZhbHVlID09IE5VTEwpDQorIAkJcmV0dXJuKC0xKTsNCisNCiAJaWYg KCp2YWx1ZSA9PSAnPScpCQkJLyogbm8gYD0nIGluIHZhbHVlICovDQogCQkr K3ZhbHVlOw0KIAlsX3ZhbHVlID0gc3RybGVuKHZhbHVlKTsNCg== --0-651953887-988237636=:42833-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message