Page MenuHomeFreeBSD
Differential D31382

lib/libc: Fix uninitialized value in __setenv()
Needs ReviewPublic
Actions

Authored by arichardson on Aug 2 2021, 2:42 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Jan 15, 6:06 PM
Unknown Object (File)
Fri, Jan 3, 4:16 AM
Unknown Object (File)
Nov 29 2024, 12:56 AM
Unknown Object (File)
Nov 16 2024, 6:51 PM
Unknown Object (File)
Oct 14 2024, 3:29 PM
Unknown Object (File)
Oct 10 2024, 8:37 AM
Unknown Object (File)
Oct 6 2024, 8:41 AM
Unknown Object (File)
Oct 6 2024, 5:46 AM
View All 50 Files
Subscribers
delphij
imp
oshogbo

Details

Reviewers
avg
emaste
kib
oshogbo
Group Reviewers
secteam
Summary

Reported indirectly via MK_UBSAN:
lib/libc/stdlib/getenv.c:169:20: runtime error: load of value 190, which is not a valid value for type 'bool'

MFC after: 3 days

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 42067
Build 38955: arc lint + arc unit

Event Timeline

arichardson created this revision.Aug 2 2021, 2:42 PM
Herald added a subscriber: imp. · View Herald TranscriptAug 2 2021, 2:42 PM
arichardson requested review of this revision.Aug 2 2021, 2:42 PM
Harbormaster completed remote builds in B40805: Diff 93119.Aug 2 2021, 2:43 PM
arichardson added a comment.Aug 16 2021, 8:17 AM

ping?

arichardson added a comment.Sep 6 2021, 12:05 PM

ping?

arichardson added reviewers: emaste, kib.Sep 13 2021, 9:14 AM
kib accepted this revision.Sep 13 2021, 10:21 AM
This revision is now accepted and ready to land.Sep 13 2021, 10:21 AM
kib edited reviewers, added: secteam; removed: ache.Sep 13 2021, 10:21 AM
This revision now requires review to proceed.Sep 13 2021, 10:21 AM
oshogbo accepted this revision.Sep 13 2021, 6:57 PM
oshogbo added a subscriber: oshogbo.

If I understand correctly, the envVars with the putenv can't be reused.
So the putenv actually is set to 0 (as we are doing calloc'ing the memory needed for envVars), and we are 0 memory when we needed.
So besides the unhappy MK_UBSAN, there are no functional changes, as well as there is no security implication.
If I'm wrong at some of these statements, please correct me.

This revision is now accepted and ready to land.Sep 13 2021, 6:57 PM
arichardson added a comment.Sep 13 2021, 9:06 PM

Well ubsan is complaining that it loaded a value of 190 so that memory clearly wasn't zeroed.

delphij added a subscriber: delphij.Sep 13 2021, 10:14 PM

I have some reservation with the proposed change. Basically the existing code is assuming that unused environment slots are zeroed (and they should be), so if I was you I'd probably amend the code around the two reallocarray's by zeroing out the newly added memory instead.

oshogbo added a comment.Sep 14 2021, 9:00 AM

Oh. Right.
I didn't noticed that after realloc the memory is not cleaned.
Yes, I also would go with @delphij suggestion.

arichardson planned changes to this revision.Sep 14 2021, 9:31 AM

Sounds good, happy to zero after realloc instead. Will update soon.

arichardson updated this revision to Diff 96667.Oct 11 2021, 11:22 AM

Zero after realloc instead

Harbormaster completed remote builds in B42067: Diff 96667.Oct 11 2021, 11:22 AM
kib added inline comments.Oct 11 2021, 3:07 PM
lib/libc/stdlib/getenv.c
283

environSize * sizeof(*intEnviron) is the common subexpression in both src and size. I suspect that extracting it into temp variable would improve readability (there and in second chunk)

oshogbo added a comment.Mar 1 2024, 1:08 PM

Hello Alexander,

Do you plan to address @kib suggestion and commit it?

Thanks!

Revision Contents
Changeset List

PathSize
lib/
libc/
stdlib/
6 lines

Diff 96667

View Options

lib/libc/stdlib/getenv.c

Loading...