Re: Fix for memory leak in setenv/unsetenv

From: John Baldwin <jhb_at_freebsd.org>
Date: Tue, 10 Oct 2006 10:01:03 -0400
On Friday 06 October 2006 21:13, Sean C. Farley wrote:
> Many a moon ago[1], I put together a patch to fix the leak in setenv()
> and unsetenv().  A few months ago, I submitted a PR (kern/99826[2]) for
> the final fix.  I was wondering if anyone would take a look at it to see
> if any changes are still warranted.  The PR contains information about
> the patch and sample programs to test it out.
> 
> Thank you.
> 
> Sean
>    1. http://lists.freebsd.org/pipermail/freebsd-hackers/2005-February/010463.html
>    2. http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/99826

This still won't work.  The reason for the intentional leak is because
of this code sequence:

	char *a;

	setenv("FOO", "0", 1);
	a = getenv("FOO");
	setenv("FOO", "bar", 1);
	printf("FOO was %s\n", a);

With the memory leak fixed this will use free'd memory.  While this code
may seem weird in a program, it actually is quite possible for a library
to read and cache the value of an environment variable.  If you didn't
leave the leak around, the library could cause a crash if the main
program (or another library) changed the environment variable the first
library had a cached pointer to the value of.

I know for one app at my last job we had a problem with this with TZ, and so
we explicitly space padded the timezone name out to a fixed-size each time
to avoid the leak.

-- 
John Baldwin
Received on Tue Oct 10 2006 - 12:05:57 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:01 UTC