From 41389c40499a083c59e68ba281ec87be567f2871 Mon Sep 17 00:00:00 2001
From: Siddhesh Poyarekar
Date: Fri, 20 Jan 2017 00:45:09 +0530
Subject: Fix environment traversal when an envvar value is empty

The condition when the value of an envvar is empty (not just '\0'), the loop in tunables_init gets stuck infinitely because envp is not incremented. Fix that by always incrementing envp in the loop. Added test case (tst-empty-env.c) verifies the fix when the source is configured with --enable-hardcoded-path-in-tests, thanks Josh Stone for providing the test case. Verified on x86_64.
 * elf/dl-tunables (get_next_env): Always advance envp.
 * stdlib/tst-empty-env.c: New test case.
 * stdlib/Makefile (tests): Use it.
---
 ChangeLog | 6 ++++++
 elf/dl-tunables.c | 4 ++--
 stdlib/Makefile | 3 +++
 stdlib/tst-empty-env.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 69 insertions(+), 2 deletions(-)
 create mode 100644 stdlib/tst-empty-env.c

diff --git a/ChangeLog b/ChangeLog
index e3f3f5f01c..c59c6a951d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2017-01-19 Siddhesh Poyarekar
+
+ * elf/dl-tunables (get_next_env): Always advance envp.
+ * stdlib/tst-empty-env.c: New test case.
+ * stdlib/Makefile (tests): Use it.
+
 2017-01-19 Joseph Myers
 
 [BZ #21047]
diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c
index e0119d17ed..ba5246a099 100644
--- a/elf/dl-tunables.c
+++ b/elf/dl-tunables.c
@@ -80,7 +80,7 @@ get_next_env (char **envp, char **name, size_t *namelen, char **val)
 {
 while (envp != NULL && *envp != NULL)
 {
- char *envline = *envp;
+ char *envline = *envp++;
 int len = 0;
 
 while (envline[len] != '\0' && envline[len] != '=')
@@ -94,7 +94,7 @@ get_next_env (char **envp, char **name, size_t *namelen, char **val)
 *namelen = len;
 *val = &envline[len + 1];
 
- return ++envp;
+ return envp;
 }
 
 return NULL;
diff --git a/stdlib/Makefile b/stdlib/Makefile
index 0c099733fe..5751b5d600 100644
--- a/stdlib/Makefile
+++ b/stdlib/Makefile
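Review bot: In elf/dl-tunables.c the new `char *envline = *envp++;` carries the whole fix but has no comment saying why the pointer must advance at the top of the loop, so a later cleanup could move the increment back to the return path and bring the hang back. I would add `/* Advance first: entries without '=' are skipped below and the loop must still make progress.  */` directly above it. The environment block comes from whoever started the process, so this loop has to terminate on any input. The skip path itself lies between the two hunks and is not visible here, so the wording should be checked against it; the second hunk's `return envp;` only follows from the same change.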
@@ -81,6 +81,9 @@ tests := tst-strtol tst-strtod testmb testrand testsort testdiv \
 tst-quick_exit tst-thread-quick_exit tst-width \
 tst-width-stdint tst-strfrom tst-strfrom-locale \
 tst-getrandom
+ifeq ($(build-hardcoded-path-in-tests),yes)
+tests += tst-empty-env
+endif
 tests-static := tst-secure-getenv
 ifeq ($(have-cxx-thread_local),yes)
 CFLAGS-tst-quick_exit.o = -std=c++11
diff --git a/stdlib/tst-empty-env.c b/stdlib/tst-empty-env.c
new file mode 100644
index 0000000000..0b0651d530
--- /dev/null
+++ b/stdlib/tst-empty-env.c
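Review bot: The `ifeq ($(build-hardcoded-path-in-tests),yes)` guard in stdlib/Makefile has no comment, so a reader cannot tell why tst-empty-env is conditional, and in a default configuration the regression test is silently left out of `tests`. A line such as `# tst-empty-env re-executes itself; it only exercises the newly built dynamic linker when tests hardcode its path.` above the `ifeq` would record the reason that the test source already gives. The `tests` assignment begins above the hunk, so only its last continuation lines are visible here.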
@@ -0,0 +1,58 @@
+/* Test that passing a NULL value does not hang environment traversal in
+ tunables.
+ Copyright (C) 2017 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ . */
+
+/* The test is useful only when the source is configured with
+ --enable-hardcoded-path-in-tests since otherwise the execve just picks up
+ the system dynamic linker. */
+
+#include
+#include
+#include
+#include
+
+static int
+do_test (int argc, char **argv)
+{
+ if (argc == 2)
+ return 0;
+
+ char envname[] = "FOOBAR";
+ char *filename = program_invocation_name;
+ char *newargv[] = {filename, filename, NULL};
+ char *newenviron[] = {envname, NULL};
+
+ /* This was reported in Fedora:
+
+ https://bugzilla.redhat.com/show_bug.cgi?id=1414589
+
+ If one of the environment variables has no value, then the environment
+ traversal must skip and also advance to the next environment entry. The
+ bug in question would cause this test to hang in an infinite loop. */
+ int ret = execve (filename, newargv, newenviron);
+
+ if (ret != 0)
+ printf ("execve failed: %m");
+
+ /* We will reach here only if we fail execve. */
+ return 1;
+}
+
+#define TIMEOUT 3
+#define TEST_FUNCTION_ARGV do_test
+#include
-- 
cgit 1.4.1
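Review bot: The file header says the test passes "a NULL value", but `newenviron` holds the single entry `"FOOBAR"`, a name with no `=` and so no value at all, which is the case the loader fix addresses. Rewording the header to say "an environment entry without '='" would describe what is actually exercised and match the comment above the `execve` call. Separately, `printf ("execve failed: %m");` has no trailing newline, so the only diagnostic on the failure path can run into the harness output; `printf ("execve failed: %m\n");` fixes that.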