Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20150423055208.GA3909@newbook>
Date: Wed, 22 Apr 2015 22:52:09 -0700
From: Isaac Dunham <ibid.ag@...il.com>
To: musl@...ts.openwall.com
Subject: Re: setenv if value=NULL, what say standard? Bug?

On Thu, Apr 23, 2015 at 02:35:15AM +0200, Laurent Bercot wrote:
> On 23/04/2015 02:08, Jean-Marc Pigeon wrote:
> >My guess, glibc code is 'blindly" setting the NULL (as "")
> >value to the variable.
> >
> >Is the standard saying otherwise, or do we have a
> >a real bug in setenv??
> 
>  The standard at
>  http://pubs.opengroup.org/onlinepubs/9699919799/functions/setenv.html
>  says...
> 
>  ... exactly nothing about the possibility of envval being NULL.
> This is, in the strictest sense, UB. :)
> 
>  Actually, it says "The environment variable shall be set to the value
> to which envval points." So, arguably, envval should point to something,
> and since NULL does not, it is forbidden. Another valid interpretation
> could be that envvar is set to the value to which envval points, i.e.
> no value at all, so it is unset; but it doesn't fit the spirit of
> setenv() to unset variables. The glibc interpretation, if it does what
> you think it does, is wrong in any case: the empty string is a very
> different thing from no value at all.
> 
>  I think the only safe conclusion is that the application is incorrect
> and should ensure that setenv() is never called with a NULL value.

I happen to have just reread
http://www.tedunangst.com/flak/post/zero-size-objects
which has this little bit of information:

  The C standard has this to say in the section on “Use of library
  functions”.

  If an argument to a function has an invalid value (such as a value
  outside the domain of the function, or a pointer outside the address
  space of the program, or a null pointer, [...]) [...], the behavior
  is undefined.

  The section on “String function conventions” clarifies further.

  Where an argument declared as size_t n specifies the length of the
  array for a function, n can have the value zero on a call to that
  function. Unless explicitly stated otherwise in the description of
  a particular function in this subclause, pointer arguments on such
  a call shall still have valid values.

In other words, passing a NULL pointer is undefined behavior unless
spelled out to the contrary, even if a good implementation would have
no reason to follow it.

Now, setenv() is part of POSIX rather than ISO C, and thus has its
own rules, but ISO C is the foundation.

As to the question of what's the "right" thing to do, consider these
two function calls:
    setenv("OTHERVAL", getenv("SOMEVAL"),  1);
    strcmp(getenv("OTHERVAL"), getenv("OTHERVAL"));

It should be obvious that the second is incorrect.
But it's easy to arrive there if the former is accepted.

So I've sent a patch for this to the util-linux list.


Thanks,
Isaac Dunham

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.