Bug 41290 - at crashes when invoked with invalid environment variables
Summary: at crashes when invoked with invalid environment variables
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: at (Show other bugs)
(Show other bugs)
Version: 7.1
Hardware: All Linux
Target Milestone: ---
Assignee: Crutcher Dunnavant
QA Contact: Aaron Brown
URL: http://cliph.linux.pl/at-3.1.8-nullen...
Depends On:
TreeView+ depends on / blocked
Reported: 2001-05-18 14:54 UTC by Need Real Name
Modified: 2005-10-31 22:00 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-05-18 15:00:42 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Simple fix. (489 bytes, patch)
2001-05-18 15:00 UTC, Need Real Name
no flags Details | Diff

Description Need Real Name 2001-05-18 14:54:46 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.2.19 i686)

Description of problem:
If you execute at with invalid environment array it crashes with SIGSEGV.
The problem occur only if environment array contains string without ,,=''
character (without value to the variable.

How reproducible:

Steps to Reproduce:
1. Compile following program: 
int main() 
	char * envp[]={ "blah", NULL };
	execle("/usr/bin/at", "at", "now", NULL, envp); 
2. Execute it and look how /usr/bin/at crashes.

Actual Results:  at receives SIGSEGV and crashes because of improper
pointer setting

Expected Results:  It should not crash ;)

Additional info:

Tested on at-3.1.8-12 and at-3.1.8-16 (from rawhide) on RH 7.0.
Patch available at: http://cliph.linux.pl/at-3.1.8-nullenv.patch
It doesn't seem to be exploitable.

Comment 1 Need Real Name 2001-05-18 15:00:38 UTC
Created attachment 18930 [details]
Simple fix.

Comment 2 Crutcher Dunnavant 2001-06-26 01:44:55 UTC

Note You need to log in before you can comment on or make changes to this bug.