develooper Front page | perl.perl5.porters | Postings from February 2015

[perl #123748] Calls to getenv are buggy in core C code

Thread Next
karl williamson
February 5, 2015 22:31
[perl #123748] Calls to getenv are buggy in core C code
Message ID:
# New Ticket Created by  karl williamson 
# Please include the string:  [perl #123748]
# in the subject line of all future correspondence about this issue. 
# <URL: >

This is a bug report for perl from khw@khw,
generated with the help of perlbug 1.40 running under perl 5.20.1.

A bug that is showing up in os390 appears to be caused by a general
problem.  Calls to libc getenv() return a pointer to static storage
in libc.  That storage can be overwritten by another call to one of the
environment handling functions, including getenv.  If you do
something like

     s = PerlEnv_getenv("PERL5OPT")

and then parse 's', 's' could be corrupted by any other call to one of
the C environment routines, including a getenv.  One might not expect
that a read acess to the environment would destroy something else, but
it could.  There are a bunch of these in the core.  In the example 
above,from perl.c,  while parsing, it can call moreswitches(), which 
actually does a putenv() in some circumstances.  I haven't investigated 
to see if the flow actually permits to this happen, but if not, it's 
just by luck.

If the result of a getenv is saved for later use, it should be copied,
savepv(), or else the results are undefined.

The core should be audited for occurrences of this issue.

Thanks to ilmari and alh for discussing this with me on #p5p

Site configuration information for perl 5.21.9:

Configured by khw at Thu Feb  5 08:31:14 MST 2015.

Summary of my perl5 (revision 5 version 21 subversion 9) configuration:
   Commit id: a9b5431bbad036dcb9773ff97b10a02d6cf706a0
     osname=linux, osvers=3.16.0-30-generic, 
     uname='linux khw 3.16.0-30-generic #40-ubuntu smp mon jan 12 
22:06:37 utc 2015 x86_64 x86_64 x86_64 gnulinux '
     config_args='-des -Uversiononly -Dprefix=/home/khw/blead -Dusedevel 
-D'optimize=-ggdb3' -A'optimize=-ggdb3' -A'optimize=-O0' 
-Accflags='-DPERL_BOOL_AS_CHAR' -Dman1dir=none -Dman3dir=none 
-DDEBUGGING -Dcc=g++ -Dusemorebits -Dusethreads'
     hint=recommended, useposix=true, d_sigaction=define
     useithreads=define, usemultiplicity=define
     use64bitint=define, use64bitall=define, uselongdouble=define
     usemymalloc=n, bincompat5005=undef
     cc='g++', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DPERL_BOOL_AS_CHAR 
-fwrapv -DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector-strong 
-I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 
     optimize=' -ggdb3 -O0',
     cppflags='-D_REENTRANT -D_GNU_SOURCE -DPERL_BOOL_AS_CHAR -fwrapv 
-DDEBUGGING -fno-strict-aliasing -pipe -fstack-protector-strong 
     ccversion='', gccversion='4.9.1', gccosandvers=''
     intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678, 
     d_longlong=define, longlongsize=8, d_longdbl=define, 
longdblsize=16, longdblkind=3
     ivtype='long', ivsize=8, nvtype='long double', nvsize=16, 
Off_t='off_t', lseeksize=8
     alignbytes=16, prototype=define
   Linker and Libraries:
     ld='g++', ldflags =' -fstack-protector-strong -L/usr/local/lib'
     libpth=/usr/include/c++/4.9 /usr/include/x86_64-linux-gnu/c++/4.9 
/usr/include/c++/4.9/backward /usr/local/lib 
/usr/include/x86_64-linux-gnu /usr/lib /lib/x86_64-linux-gnu /lib/../lib 
/usr/lib/x86_64-linux-gnu /usr/lib/../lib /lib
     libs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
     perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc, so=so, useshrplib=false, libperl=libperl.a
   Dynamic Linking:
     dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
     cccdlflags='-fPIC', lddlflags='-shared -ggdb3 -ggdb3 -O0 
-L/usr/local/lib -fstack-protector-strong'

@INC for perl 5.21.9:

Environment for perl 5.21.9:
     LANGUAGE (unset)
     LD_LIBRARY_PATH (unset)
     LOGDIR (unset)
     PERL_BADLANG (unset)

Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About