Only realloc() environ if we're sure that we know where it came from.
The recent problems with sshd were due to sshd reassigning `environ' when setenv() thinks it owns it. setenv() subsequently realloc()s the new version of environ and *boom*
This commit is contained in:
parent
41b627fced
commit
556211d48c
@ -20,6 +20,7 @@
|
||||
#ifndef MALLOC_EXTRA_SANITY
|
||||
#undef MALLOC_EXTRA_SANITY
|
||||
#endif
|
||||
#define MALLOC_EXTRA_SANITY
|
||||
|
||||
/*
|
||||
* What to use for Junk. This is the byte value we use to fill with
|
||||
|
@ -56,7 +56,7 @@ setenv(name, value, rewrite)
|
||||
int rewrite;
|
||||
{
|
||||
extern char **environ;
|
||||
static int alloced; /* if allocated space before */
|
||||
static char **alloced; /* if allocated space before */
|
||||
register char *c;
|
||||
int l_value, offset;
|
||||
|
||||
@ -75,21 +75,20 @@ setenv(name, value, rewrite)
|
||||
register char **p;
|
||||
|
||||
for (p = environ, cnt = 0; *p; ++p, ++cnt);
|
||||
if (alloced) { /* just increase size */
|
||||
if (alloced == environ) { /* just increase size */
|
||||
p = (char **)realloc((char *)environ,
|
||||
(size_t)(sizeof(char *) * (cnt + 2)));
|
||||
if (!p)
|
||||
return (-1);
|
||||
environ = p;
|
||||
alloced = environ = p;
|
||||
}
|
||||
else { /* get new space */
|
||||
/* copy old entries into it */
|
||||
p = malloc((size_t)(sizeof(char *) * (cnt + 2)));
|
||||
if (!p)
|
||||
return (-1);
|
||||
alloced = 1;
|
||||
bcopy(environ, p, cnt * sizeof(char *));
|
||||
environ = p;
|
||||
alloced = environ = p;
|
||||
}
|
||||
environ[cnt + 1] = NULL;
|
||||
offset = cnt;
|
||||
|
Loading…
Reference in New Issue
Block a user