Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 22 Apr 2015 22:52:09 -0700
From: Isaac Dunham <ibid.ag@...il.com>
To: musl@...ts.openwall.com
Subject: Re: setenv if value=NULL, what say standard? Bug?

On Thu, Apr 23, 2015 at 02:35:15AM +0200, Laurent Bercot wrote:
> On 23/04/2015 02:08, Jean-Marc Pigeon wrote:
> >My guess, glibc code is 'blindly" setting the NULL (as "")
> >value to the variable.
> >
> >Is the standard saying otherwise, or do we have a
> >a real bug in setenv??
> 
>  The standard at
>  http://pubs.opengroup.org/onlinepubs/9699919799/functions/setenv.html
>  says...
> 
>  ... exactly nothing about the possibility of envval being NULL.
> This is, in the strictest sense, UB. :)
> 
>  Actually, it says "The environment variable shall be set to the value
> to which envval points." So, arguably, envval should point to something,
> and since NULL does not, it is forbidden. Another valid interpretation
> could be that envvar is set to the value to which envval points, i.e.
> no value at all, so it is unset; but it doesn't fit the spirit of
> setenv() to unset variables. The glibc interpretation, if it does what
> you think it does, is wrong in any case: the empty string is a very
> different thing from no value at all.
> 
>  I think the only safe conclusion is that the application is incorrect
> and should ensure that setenv() is never called with a NULL value.

I happen to have just reread
http://www.tedunangst.com/flak/post/zero-size-objects
which has this little bit of information:

  The C standard has this to say in the section on “Use of library
  functions”.

  If an argument to a function has an invalid value (such as a value
  outside the domain of the function, or a pointer outside the address
  space of the program, or a null pointer, [...]) [...], the behavior
  is undefined.

  The section on “String function conventions” clarifies further.

  Where an argument declared as size_t n specifies the length of the
  array for a function, n can have the value zero on a call to that
  function. Unless explicitly stated otherwise in the description of
  a particular function in this subclause, pointer arguments on such
  a call shall still have valid values.

In other words, passing a NULL pointer is undefined behavior unless
spelled out to the contrary, even if a good implementation would have
no reason to follow it.

Now, setenv() is part of POSIX rather than ISO C, and thus has its
own rules, but ISO C is the foundation.

As to the question of what's the "right" thing to do, consider these
two function calls:
    setenv("OTHERVAL", getenv("SOMEVAL"),  1);
    strcmp(getenv("OTHERVAL"), getenv("OTHERVAL"));

It should be obvious that the second is incorrect.
But it's easy to arrive there if the former is accepted.

So I've sent a patch for this to the util-linux list.


Thanks,
Isaac Dunham

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.