From 556211d48c47e44561f556f3b42d15c02e028039 Mon Sep 17 00:00:00 2001
From: brian
Date: Wed, 20 Sep 2000 03:05:37 +0000
Subject: Only realloc() environ if we're sure that we know where it came from.

The recent problems with sshd were due to sshd reassigning `environ' when setenv() thinks it owns it. setenv() subsequently realloc()s the new version of environ and *boom*
---
 lib/libc/stdlib/malloc.c | 1 +
 lib/libc/stdlib/setenv.c | 9 ++++-----
 2 files changed, 5 insertions(+), 5 deletions(-)
(limited to 'lib')
diff --git a/lib/libc/stdlib/malloc.c b/lib/libc/stdlib/malloc.c
index 3b631e8..1bcc5e1 100644
--- a/lib/libc/stdlib/malloc.c
+++ b/lib/libc/stdlib/malloc.c
@@ -20,6 +20,7 @@
 #ifndef MALLOC_EXTRA_SANITY
 #undef MALLOC_EXTRA_SANITY
 #endif
+#define MALLOC_EXTRA_SANITY
 /*
 * What to use for Junk. This is the byte value we use to fill with
diff --git a/lib/libc/stdlib/setenv.c b/lib/libc/stdlib/setenv.c
index 96f22a3..cd82c0d 100644
--- a/lib/libc/stdlib/setenv.c
+++ b/lib/libc/stdlib/setenv.c
@@ -56,7 +56,7 @@ setenv(name, value, rewrite)
 int rewrite;
 {
 extern char **environ;
- static int alloced; /* if allocated space before */
+ static char **alloced; /* if allocated space before */
 register char *c;
 int l_value, offset;
@@ -75,21 +75,20 @@ setenv(name, value, rewrite)
 register char **p;
 for (p = environ, cnt = 0; *p; ++p, ++cnt);
- if (alloced) { /* just increase size */
+ if (alloced == environ) { /* just increase size */
 p = (char **)realloc((char *)environ,
 (size_t)(sizeof(char *) * (cnt + 2)));
 if (!p)
 return (-1);
- environ = p;
+ alloced = environ = p;
 }
 else { /* get new space */
 /* copy old entries into it */
 p = malloc((size_t)(sizeof(char *) * (cnt + 2)));
 if (!p)
 return (-1);
- alloced = 1;
 bcopy(environ, p, cnt * sizeof(char *));
- environ = p;
+ alloced = environ = p;
 }
 environ[cnt + 1] = NULL;
 offset = cnt;
--
cgit v1.1
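Review bot: The added `#define MALLOC_EXTRA_SANITY` in lib/libc/stdlib/malloc.c switches the macro on unconditionally for everything built against this libc, and the commit message, which only discusses setenv(), gives no reason for it. It sits directly after an `#ifndef`/`#undef`/`#endif` group for the same macro, so it looks like a debugging aid left over from chasing the sshd crash rather than an intended default. If it is deliberate, it belongs in its own commit with a rationale and a comment along the lines of `/* XXX enabled temporarily to catch realloc() of pointers malloc does not own */`. Otherwise the line should be dropped from this change.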
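Review bot: The trailing comment on the changed declaration in the first setenv.c hunk is now stale, because `alloced` is no longer a "have we allocated" flag but the address of the array setenv() last installed, compared against `environ` in the next hunk. A wording that matches the new meaning would be `static char **alloced; /* environ array we allocated, NULL if none */`. The body of setenv() starts and ends outside this hunk.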
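Review bot: In the second setenv.c hunk the `else` branch overwrites `alloced` without releasing the array it previously pointed to, so each time the program installs its own `environ` and then calls setenv(), one earlier allocation is abandoned. That is probably the right trade-off, since the caller may still hold the old pointer and freeing it would bring back the heap corruption this commit removes, but the code should say so. A comment above the `malloc()` would do, for example `/* environ was replaced by the caller: never realloc or free an array we did not allocate; our previous one is deliberately leaked */`. The ownership test is pointer identity on the array only; as far as this hunk shows it says nothing about who owns the individual strings, which is worth a sentence in the same comment. The enclosing block and function continue outside the hunk.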