[BusyBox 0001385]: Unsafe putenv() in mdev corrupts environment
bugs at busybox.net
bugs at busybox.net
Thu Jun 7 11:34:47 PDT 2007
The following issue has been SUBMITTED.
======================================================================
http://busybox.net/bugs/view.php?id=1385
======================================================================
Reported By: eswierk
Assigned To: BusyBox
======================================================================
Project: BusyBox
Issue ID: 1385
Category: Other
Reproducibility: random
Severity: major
Priority: normal
Status: assigned
======================================================================
Date Submitted: 06-07-2007 11:34 PDT
Last Modified: 06-07-2007 11:34 PDT
======================================================================
Summary: Unsafe putenv() in mdev corrupts environment
Description:
An unsafe use of putenv() in mdev.c (BusyBox 1.5.1) occasionally corrupts
the environment, causing the spawned process to receive garbage in the
MDEV variable. This occurs only intermittenly, and only when mdev -s is
invoked explicitly.
If I understand the semantics of putenv(), it uses the passed string
directly, so the caller must not free it. Patch attached.
======================================================================
Issue History
Date Modified Username Field Change
======================================================================
06-07-07 11:34 eswierk New Issue
06-07-07 11:34 eswierk Status new => assigned
06-07-07 11:34 eswierk Assigned To => BusyBox
06-07-07 11:34 eswierk File Added: busybox-202-mdev-putenv-bug.patch
======================================================================
More information about the busybox-cvs
mailing list