[6810] in bugtraq
Re: simple kde exploit fix
daemon@ATHENA.MIT.EDU (Ton Hospel)
Tue May 19 18:39:48 1998
X-Complaints-To: thospel@mail.dma.be
Date: Mon, 18 May 1998 20:02:10 GMT
Reply-To: Ton Hospel <thospel@mail.dma.be>
From: Ton Hospel <thospel@MAIL.DMA.BE>
To: BUGTRAQ@NETSPACE.ORG
In article <Pine.LNX.3.96.980518103111.11608A-100000@digi1.inreach.net>,
digi <digi@inreach.net> writes:
> why not:
>
> char *env;
> env = getenv("HOME");
> if(env)
> env[BUFLEN] = '\0';
> else
> do_something_intelligent();
>
> would save memcpy()ing and strlen()ing.
Dangerous unless you know very well where your env buffer
really comes from (and goes to):
- I have seen C implementations where all getenv's use copying into one
  static buffer -> another getenv() somewhere in the program
  might unexpectedly change your env
- I have seen C implementations where these are pointers
  into an env space -> then you really hit the data (next getenv
  might be surprised), or you might even be modifying a different
  environment variable

For getenv it's usually best to copy the value out of the result,
before some other getenv or putenv changes it.
--
My pid is Inigo Montoya. You kill -9 my parent process. Prepare to vi.
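
The copy-first approach recommended in the reply above, as an added example that is not part of the original post. `model_getenv` is a constructed stand-in for a libc that returns every result from one static buffer (the first case described), and `env_copy` and `kept_pointer_changes` are hypothetical helper names. Rejecting an over-long value instead of truncating it is a choice made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a libc whose getenv() copies each result into one
   static buffer (the first case in the reply). Not a real libc. */
static const char *model_env[][2] = {
    { "HOME", "/home/alice" }, { "TMPDIR", "/var/tmp" },
};

static char *model_getenv(const char *name)
{
    static char shared[64];
    for (size_t i = 0; i < sizeof model_env / sizeof model_env[0]; i++) {
        if (strcmp(model_env[i][0], name) == 0) {
            snprintf(shared, sizeof shared, "%s", model_env[i][1]);
            return shared;
        }
    }
    return NULL;
}

/* Copy a lookup result into caller-owned storage immediately.
   Returns 0 on success, -1 if unset, -2 if the value does not fit.
   The string returned by the lookup is only read, never written. */
static int env_copy(char *(*lookup)(const char *), const char *name,
                    char *dst, size_t dstlen)
{
    const char *val = lookup(name);
    if (val == NULL) return -1;
    size_t n = strlen(val);
    if (n >= dstlen) return -2;
    memcpy(dst, val, n + 1);   /* includes the terminating NUL */
    return 0;
}

/* Returns 1 if a kept result pointer is changed by a later lookup. */
static int kept_pointer_changes(void)
{
    char *home = model_getenv("HOME");
    (void)model_getenv("TMPDIR");          /* overwrites the shared buffer */
    return strcmp(home, "/home/alice") != 0;
}

int main(void)
{
    char home[32];
    int rc = env_copy(model_getenv, "HOME", home, sizeof home);
    printf("kept pointer changed: %d; copy rc=%d value=%s\n",
           kept_pointer_changes(), rc, home);
    return 0;
}
```

`env_copy` takes the lookup as a function pointer, so the standard `getenv` can be passed in place of the model.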