From b1daa1b9db90baacab8a5d04ba07d2405e25f6a8 Mon Sep 17 00:00:00 2001
From: Brian Somers
Date: Wed, 20 Sep 2000 03:05:37 +0000
Subject: [PATCH] Only realloc() environ if we're sure that we know where it came from.

The recent problems with sshd were due to sshd reassigning `environ' when setenv() thinks it owns it. setenv() subsequently realloc()s the new version of environ and *boom*
---
 lib/libc/stdlib/malloc.c | 1 +
 lib/libc/stdlib/setenv.c | 9 ++++-----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/lib/libc/stdlib/malloc.c b/lib/libc/stdlib/malloc.c
index 3b631e86de7..1bcc5e1416c 100644
--- a/lib/libc/stdlib/malloc.c
+++ b/lib/libc/stdlib/malloc.c
@@ -20,6 +20,7 @@
 #ifndef MALLOC_EXTRA_SANITY
 #undef MALLOC_EXTRA_SANITY
 #endif
+#define MALLOC_EXTRA_SANITY
 
 /*
 * What to use for Junk. This is the byte value we use to fill with
diff --git a/lib/libc/stdlib/setenv.c b/lib/libc/stdlib/setenv.c
index 96f22a3e6ce..cd82c0d8707 100644
--- a/lib/libc/stdlib/setenv.c
+++ b/lib/libc/stdlib/setenv.c
@@ -56,7 +56,7 @@ setenv(name, value, rewrite)
 int rewrite;
 {
 extern char **environ;
- static int alloced; /* if allocated space before */
+ static char **alloced; /* if allocated space before */
 register char *c;
 int l_value, offset;
 
@@ -75,21 +75,20 @@ setenv(name, value, rewrite)
 register char **p;
 
 for (p = environ, cnt = 0; *p; ++p, ++cnt);
- if (alloced) { /* just increase size */
+ if (alloced == environ) { /* just increase size */
 p = (char **)realloc((char *)environ,
 (size_t)(sizeof(char *) * (cnt + 2)));
 if (!p)
 return (-1);
- environ = p;
+ alloced = environ = p;
 }
 else { /* get new space */
 /* copy old entries into it */
 p = malloc((size_t)(sizeof(char *) * (cnt + 2)));
 if (!p)
 return (-1);
- alloced = 1;
 bcopy(environ, p, cnt * sizeof(char *));
- environ = p;
+ alloced = environ = p;
 }
 environ[cnt + 1] = NULL;
 offset = cnt;
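Review bot: The added `#define MALLOC_EXTRA_SANITY` in malloc.c turns the option on unconditionally for every build of libc, and the commit message, which only discusses setenv(), does not explain it. It reads like a debugging aid left in from chasing the sshd crash. What the macro gates is outside this hunk, so its run-time cost and any change in failure behaviour should be confirmed before it ships. If it is meant to stay, say so next to it, e.g. `/* XXX enabled while tracking environ corruption; revisit before release */`; otherwise drop the line from this commit. The `#ifndef`/`#undef`/`#endif` block just above it has no effect as written.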
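Review bot: The trailing comment on `alloced` still describes the old boolean flag. After this change the variable holds the address of the vector that setenv() itself allocated, and the next hunk compares it against `environ`. I would update the line to `static char **alloced; /* environ vector we allocated, if any */`. The declaration sits inside setenv(), whose body continues outside this hunk.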
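Review bot: Ownership of the vector is now inferred purely from `alloced == environ`, which holds only while nothing else frees or reuses the block setenv() allocated, and that assumption is not written down. When the program has installed its own `environ`, the `else` branch also overwrites `alloced` without releasing the vector it pointed to. That looks deliberate, since the caller may still reference it, but it should be stated, e.g. `/* only realloc() a vector we allocated; a caller-installed environ is copied and our old vector is abandoned */`. Separately, the context line `for (p = environ, cnt = 0; *p; ++p, ++cnt);` still dereferences `environ` unchecked, so a program that sets `environ = NULL` would presumably fault here before either branch runs; an explicit NULL guard ahead of the loop would cover that case. setenv() starts and ends outside this hunk.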