cvs commit: src/usr.sbin/sysinstall main.c
Andrey Chernov
ache at freebsd.org
Mon Apr 30 17:05:41 UTC 2007
On Mon, Apr 30, 2007 at 12:54:45PM -0400, John Baldwin wrote:
> Hmm, I think I see that this is orthogonal to the setenv(3) fix, but still, if
> one does this:
>
> char *cp = strdup("FOO=bar");
> putenv(cp);
> ...
> setenv("FOO", "baz");
cp value is undefined right here and can't be safely printed afterwards.
Anything can happen at printf, including a core dump.
> ...
> setenv("FOO", "really_long_string");
> ...
> printf("FOO: %s\n", cp + 4);
>
> You are going to get 'baz' in the printf output. Or if one does:
>
> char *cp = strdup("FOO=bar");
> putenv(cp);
> ...
> setenv("FOO", "really_long_string");
Again, cp value is undefined right here and can't be safely printed
afterwards.
> ...
> strcpy(cp + 4, "baz");
> ...
> printf("FOO: %s\n", getenv("FOO"));
>
> You are going to get 'really_long_string' in the printf output, and not 'baz'.
--
http://ache.pp.ru/
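The aliasing question in this exchange can be probed on whatever libc is in use. The following is an added example, not code from the thread or from FreeBSD; the variable name GR_DEMO and the helper names are made up for the illustration. It records whether getenv() points into the putenv() buffer before and after setenv(), and reads the value only through getenv().

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* putenv(), setenv(), strdup() */
#endif
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEMO_NAME "GR_DEMO"   /* hypothetical variable name */

struct env_probe {
    int aliased_after_putenv; /* getenv() pointed into our buffer */
    int aliased_after_setenv; /* still pointed there after setenv() */
    int value_ok;             /* getenv() returned the value set last */
};

/* Probe how this libc relates a putenv() buffer to later setenv() calls. */
static struct env_probe probe_putenv_alias(void)
{
    struct env_probe r = {0, 0, 0};
    char *cp = strdup(DEMO_NAME "=bar");
    if (cp == NULL || putenv(cp) != 0)
        return r;
    /* Remember the address as an integer; cp is not touched after setenv(). */
    uintptr_t val_addr = (uintptr_t)(cp + strlen(DEMO_NAME "="));
    r.aliased_after_putenv = ((uintptr_t)getenv(DEMO_NAME) == val_addr);

    if (setenv(DEMO_NAME, "baz", 1) != 0)
        return r;
    const char *now = getenv(DEMO_NAME);   /* read via getenv(), not via cp */
    r.aliased_after_setenv = ((uintptr_t)now == val_addr);
    r.value_ok = (now != NULL && strcmp(now, "baz") == 0);
    return r;   /* cp is intentionally neither freed nor dereferenced */
}

int main(void)
{
    struct env_probe r = probe_putenv_alias();
    printf("aliased after putenv: %d\n", r.aliased_after_putenv);
    printf("aliased after setenv: %d\n", r.aliased_after_setenv);
    printf("getenv() value ok:    %d\n", r.value_ok);
    return r.value_ok ? 0 : 1;
}
```

The second field differs between libc implementations, so code that needs the current value should fetch it with getenv() after every change rather than keep the pointer it passed to putenv().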