On Thu, Sep 23, 2010 at 12:02:42PM -0400, Christos Zoulas wrote:
> Module Name:  src
> Committed By: christos
> Date:         Thu Sep 23 16:02:41 UTC 2010
> 
> Modified Files:
>       src/lib/libc/stdlib: setenv.c
> 
> Log Message:
> PR/43899: Nicolas Joly: setenv(3)/unsetenv(3) memory leak.
> Partial fix: Don't allocate a new string if the length is equal to the
> old length, because presumably the old string was also nul terminated
> so it has the extra byte needed.
> The real fix is to keep an adjunct array of bits, one for each environment
> variable and keep track if the entry was allocated or not so that we can
> free it in unsetenv.

Hmmm.... I've just read the TOG page for putenv().
A conformant system isn't required to do anything other than save the
user-supplied pointer.
It even states that you can modify the value by changing the memory buffer
after calling putenv().

If the strings are copied in libc...
When libc starts, all the env strings will be adjacent, and at one end
of the stack area (placed by the kernel during exec).
So presumably the address of the string can be compared against that
range to determine whether the string was malloc'ed or not.

        David

-- 
David Laight: da...@l8s.co.uk
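
Added example (not part of the original message and not NetBSD's libc code): a C program showing the address-range check suggested above together with the putenv() pointer-saving behaviour. The helper names and the GR_DEMO_* variables are hypothetical, and it assumes the exec-time strings form one contiguous block.

```c
#define _XOPEN_SOURCE 700
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* Hypothetical helper state: bounds of the strings placed at exec time. */
static uintptr_t env_lo, env_hi;

/* Record [env_lo, env_hi); must run before any setenv()/putenv() call. */
void env_range_init(void)
{
    env_lo = env_hi = 0;
    for (char **e = environ; e != NULL && *e != NULL; e++) {
        uintptr_t start = (uintptr_t)*e;
        uintptr_t end = start + strlen(*e) + 1;
        if (env_lo == 0 || start < env_lo) env_lo = start;
        if (end > env_hi) env_hi = end;
    }
}

/* 1 if p lies in the exec-time block, so it must never be passed to free(). */
int in_initial_env(const char *p)
{
    uintptr_t a = (uintptr_t)p;
    return a >= env_lo && a < env_hi;
}

/* putenv() keeps the caller's pointer: editing the buffer edits the value. */
int putenv_aliases_buffer(void)
{
    static char buf[] = "GR_DEMO_PUT=old";      /* constructed sample */
    if (putenv(buf) != 0) return -1;
    memcpy(strchr(buf, '=') + 1, "new", 3);     /* no setenv/putenv call */
    const char *v = getenv("GR_DEMO_PUT");
    return v != NULL && strcmp(v, "new") == 0 && !in_initial_env(v);
}

/* A string created by setenv() falls outside the exec-time block. */
int setenv_copy_outside_range(void)
{
    if (setenv("GR_DEMO_SET", "value", 1) != 0) return -1;
    const char *v = getenv("GR_DEMO_SET");
    return v != NULL && !in_initial_env(v);
}

int main(void)
{
    env_range_init();
    printf("putenv aliases buffer: %d\n", putenv_aliases_buffer());
    printf("setenv copy outside range: %d\n", setenv_copy_outside_range());
    return 0;
}
```

The putenv() case shows the limit of the range test: a string outside the exec-time block is not necessarily malloc'ed, since it can be a caller-owned static or stack buffer.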
