Bug 137951 - mail crashes on empty USER variable
Summary: mail crashes on empty USER variable
Status: CLOSED DUPLICATE of bug 134837
Alias: None
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: mailx
Version: 2.1
Hardware: i686
OS: Linux
Target Milestone: ---
Assignee: Jiri Ryska
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2004-11-03 03:35 UTC by Need Real Name
Modified: 2007-11-30 22:06 UTC (History)
0 users

Clone Of:
Last Closed: 2006-02-21 19:06:46 UTC

Attachments (Terms of Use)

Description Need Real Name 2004-11-03 03:35:50 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20041001

Description of problem:
The BSD-style /bin/mail application installed by mailx-8.1.1-22
generates segmentation faults when running from cron on an Enterprise
Linux Team server (or in any other situation where the USER
environment variable is unset).


In particular the mail source code defines a function send() that
interposes a libc function with the same name. If the USER environment
variable is not set the code calls getpwuid() which, due to the
involvement of LDAP in the environment, ultimately requires a call to
the libc send() function. Mail's own send() function gets called
instead, an uninitialized pointer is dereferenced and the segmentation
fault occurs.


Please investigate a solution for this problem. This may include
patching the source code (renaming all functions that are also in libc
as send() is not the only one); implementing a replacement mail
package; or anything else that may solve this problem. The agreed
solution should then be rolled out to all WIS servers that currently
have the mailx package installed on them.
n them.

Version-Release number of selected component (if applicable):
Update CD5, kernel release 2.4.9-41

How reproducible:

Steps to Reproduce:
1. See above.

Actual Results:  /bin/mail crashes

Expected Results:  mail sends mail and do not crash

Additional info:

Please ask for additional information if you need any.

Comment 1 Jiri Ryska 2004-11-03 11:38:05 UTC

*** This bug has been marked as a duplicate of 134837 ***

Comment 2 Red Hat Bugzilla 2006-02-21 19:06:46 UTC
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.

Note You need to log in before you can comment on or make changes to this bug.