
fix getenv bug

The getenv() library call can trap under certain conditions.  It compares the
passed-in environment variable name (var) with the name=variables (*ep) in the
environment area and returns a pointer to the value in the environment if it
exists.  To accomplish this, it does a memcmp() using the length of the
passed-in name (len) for each environment variable (*ep) against the passed-in
name (var).  So memcmp will attempt to scan both strings for len bytes. However,
if for some reason len is equal to or greater than 16 and longer than the length
of the *ep in the environment, and the *ep resides near the end of a page
boundary while the next page is not present or mapped, the memcmp could trap
with a SIGSEGV error while continuing the scan with the optimization
read-ahead. However, if strncmp is used instead, there is no problem since both
source and destination scanning will stop when either reaches a terminating
NULL.
Ata, John (US) 4 years ago
parent
commit
fbe25933d4
1 changed files with 1 additions and 1 deletions

libc/stdlib/getenv.c

@@ -20,7 +20,7 @@ char *getenv(const char *var)
 	return NULL;
     len = strlen(var);
     while(*ep) {
-	if (memcmp(var, *ep, len) == 0 && (*ep)[len] == '=') {
+	if (strncmp(var, *ep, len) == 0 && (*ep)[len] == '=') {
 	    return *ep + len + 1;
 	}
 	ep++;
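
Review bot: The changed comparison, strncmp(var, *ep, len) == 0, carries no comment saying why strncmp is required, so a later cleanup could swap memcmp back in as an apparent optimization. Add a short comment above the if noting that *ep may be shorter than len and that the comparison must stop at its terminator, since memcmp is entitled to read all len bytes of both buffers. The (*ep)[len] == '=' test that follows stays in bounds only because && evaluates it after strncmp has matched len non-NUL bytes of *ep (len is strlen(var)), so the order of the two conditions should be kept and is worth mentioning in the same comment.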