From patchwork Wed Mar 11 16:11:59 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Paul Pluzhnikov <ppluzhnikov@google.com>
X-Patchwork-Id: 449071
Return-Path: 
 <libc-alpha-return-57849-incoming=patchwork.ozlabs.org@sourceware.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from sourceware.org (server1.sourceware.org [209.132.180.131])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id A983814012F
	for <incoming@patchwork.ozlabs.org>;
	Thu, 12 Mar 2015 03:13:05 +1100 (AEDT)
Authentication-Results: ozlabs.org; dkim=pass
	reason="1024-bit key; unprotected key"
	header.d=sourceware.org header.i=@sourceware.org header.b=ajIKmMud;
	dkim-adsp=none (unprotected policy); dkim-atps=neutral
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:from:date:message-id:subject:to
	:content-type; q=dns; s=default; b=HrNS94sq/JqmKQXG9gYugTLgxPGU6
	mv9I4SDbNtvFin46LFNP7iqDN12AxZwHvYB6I3TmsLj6+UTHTEVEEzTesuR9e/OY
	YODwNQXCr2vzvhhQB/EnPw8H2jRoerLB3fNRvyhQCSPoU6eCs4scw+Y/Jua1ZZFJ
	kZkhUTb+tKV4dA=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:from:date:message-id:subject:to
	:content-type; s=default; bh=BjxJ1v3bnZnw3Jo5AQhjECm94MU=; b=ajI
	KmMudAvPgGTQ7k1NhQ8TkBwrwqLZesulsZOJmZezQqlCjxW2XASs3jBUKet5XL4d
	4GKxXTCYlVb8sBJ6JQPwRV5FpnjE3R2jwp/1X5Wbe5WLnuOyhd3shBAXP9QlIpV9
	1mRDF2q+dJcZ2PXendg9aheSJ5bYRRHZO+vv0xpI=
Received: (qmail 95437 invoked by alias); 11 Mar 2015 16:12:38 -0000
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-alpha.sourceware.org>
List-Unsubscribe: 
 <mailto:libc-alpha-unsubscribe-incoming=patchwork.ozlabs.org@sourceware.org>
List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-help@sourceware.org>,
	<http://sourceware.org/ml/#faqs>
Sender: libc-alpha-owner@sourceware.org
Delivered-To: mailing list libc-alpha@sourceware.org
Received: (qmail 95027 invoked by uid 89); 11 Mar 2015 16:12:38 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-2.6 required=5.0 tests=AWL, BAYES_00,
	RCVD_IN_DNSWL_LOW, SPF_PASS,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.2
X-HELO: mail-ob0-f178.google.com
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:mime-version:from:date:message-id:subject:to
	:content-type;
	bh=I6xMh1vY3awlhJtAHB70+fXFSm2YmVsVJBYvy1h+lT8=;
	b=DYAiQFNbzhmbvepD1uTSGR1A9IlY/MhX0Uuzt/K1RX+eVvYVL7O+ALs9h2ZXG/UnDI
	L5DT6uXmwngxdSwSjC0hkPm19cay7VRBVY9vhjOagwHqFvkCitcvt+GydK1OBCDkM0/d
	rEiDctd3u9Jzj/pj8yvTHWr3uoCWfbJXAkPlpRvmbBnk2UOo0OZQmi5hAWi1yJb++Fpx
	p2D+0SiTKtgAoZjxzlnRx/Hu4gvUb3IDR47Gwh66Zju20+qSYA1X9Pt82TWgRfdt+avP
	l1AyJOxAQ/02FkIX4ORlpxCFLdFEsapXxvDVvCnCUroAzJx+7LcL2DTfr8vetYXDkr9E
	ibzw==
X-Gm-Message-State: 
 ALoCoQna3igkdaZ9BTJPg0HYDnGtiGKIkYjF/iDKBZxPZ05Jl+6U9VU7XeU7eoMd3tu9HKq4cOiu
X-Received: by 10.182.230.132 with SMTP id sy4mr30862205obc.29.1426090349579;
	Wed, 11 Mar 2015 09:12:29 -0700 (PDT)
MIME-Version: 1.0
From: Paul Pluzhnikov <ppluzhnikov@google.com>
Date: Wed, 11 Mar 2015 09:11:59 -0700
Message-ID: 
 <CALoOobNSbWUkd_i-L6U0ovbqPYnJY-h=ftX1K61yb19pmJj6aw@mail.gmail.com>
Subject: [patch] Error on setenv(..., NULL, ...)
To: GLIBC Devel <libc-alpha@sourceware.org>

Greetings,

The following test program:

#include <stdlib.h>
#include <stdio.h>

int main() {
  setenv("ZZZ", NULL, 1);
  char *p = getenv("ZZZ");
  printf("%c\n", p[0]);
  return 0;
}

produces "unusable" environment, in which getenv("ZZZ") succeeds, but
you can't look at any bytes of the resulting pointer:

gcc -g t.c
t.c: In function ‘main’:
t.c:5:3: warning: null argument where non-null required (argument 2) [-Wnonnull]
   setenv("ZZZ", NULL, 1);
   ^

valgrind ./a.out

==27832== Invalid read of size 1
==27832==    at 0x4005FB: main (/tmp/t.c:7)
==27832==  Address 0x4dea3e4 is 0 bytes after a block of size 4 alloc'd
==27832==    at 0x40307C4: malloc
(valgrind/coregrind/m_replacemalloc/vg_replace_malloc.c:270)
==27832==    by 0x4A60C59: __add_to_environ
(/build/buildd/eglibc-2.19/stdlib/setenv.c:193)
==27832==    by 0x40344BF: setenv (valgrind/memcheck/mc_replace_strmem.c:1643)
==27832==    by 0x4005E8: main (/tmp/t.c:5)


See also https://sourceware.org/ml/libc-alpha/2015-03/msg00402.html,
where GLIBC performed the bad setenv() itself.

Attached trivial patch makes setenv(..., NULL, ...) fail instead of
producing "bad" environment. Tested on Linux/x86_64, no new failures.

Thanks,


2015-03-11  Paul Pluzhnikov  <ppluzhnikov@google.com>

        * stdlib/setenv.c (setenv): Reject NULL value in setenv.

diff --git a/stdlib/setenv.c b/stdlib/setenv.c
index b60c4f0..63a95cf 100644
--- a/stdlib/setenv.c
+++ b/stdlib/setenv.c
@@ -240,7 +240,8 @@ setenv (name, value, replace)
      const char *value;
      int replace;
 {
-  if (name == NULL || *name == '\0' || strchr (name, '=') != NULL)
+  if (name == NULL || *name == '\0' || strchr (name, '=') != NULL
+      || value == NULL)
     {
       __set_errno (EINVAL);
       return -1;