[Bug libc/12218] New: getenv(3) handles variable names with equal signs incorrectly

[Bug libc/12218] New: getenv(3) handles variable names with equal signs incorrectly

[tron at NetBSD dot org]

http://sourceware.org/bugzilla/show_bug.cgi?id=12218

           Summary: getenv(3) handles variable names with equal signs
                    incorrectly
           Product: glibc
           Version: 2.11
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: drepper.fsp@gmail.com
        ReportedBy: tron@NetBSD.org


Created attachment 5121
  --> http://sourceware.org/bugzilla/attachment.cgi?id=5121
Program which demonstrates the bug in getenv(3)

getenv(3) doesn't check whether the variable name contains an equal sign (which
it shouldn't) and will therefore return an incorrect result as demonstrated by
the attached program:


getenv: getenv.c:11: main: Assertion `getenv("EVIL=VERY") == ((void *)0)'
failed.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug libc/12218] getenv(3) handles variable names with equal signs incorrectly

[pasky at suse dot cz]

http://sourceware.org/bugzilla/show_bug.cgi?id=12218

Petr Baudis <pasky at suse dot cz> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |WAITING
                 CC|                            |pasky at suse dot cz

--- Comment #1 from Petr Baudis <pasky at suse dot cz> 2010-11-16 03:10:20 UTC ---
I'd say garbage in - garbage out. Why do you think it's worthwhile adding a
test for such a special case, slowing down all users?

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug libc/12218] getenv(3) handles variable names with equal signs incorrectly

[tron at NetBSD dot org]

http://sourceware.org/bugzilla/show_bug.cgi?id=12218

--- Comment #2 from Matthias Scheler <tron at NetBSD dot org> 2010-11-16 08:57:54 UTC ---
Argument validation is always a good thing.

And you can avoid the performance hit by looking for the equal sign while you
determine the length of the supplied name.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug libc/12218] getenv(3) handles variable names with equal signs incorrectly

[drepper.fsp at gmail dot com]

http://sourceware.org/bugzilla/show_bug.cgi?id=12218

Ulrich Drepper <drepper.fsp at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|WAITING                     |RESOLVED
         Resolution|                            |WONTFIX

--- Comment #3 from Ulrich Drepper <drepper.fsp at gmail dot com> 2010-11-16 13:51:37 UTC ---
There is no reason to change anything.  GIGO is exactly the right answer.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug libc/12218] getenv(3) handles variable names with equal signs incorrectly

[fweimer at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=12218

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |security-

-- 
You are receiving this mail because:
You are on the CC list for the bug.