Bug 41290 - at crashes when invoked with invalid environment variables
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: at
Version: 7.1
Hardware/OS: All Linux
Priority: low, Severity: low
Assigned To: Crutcher Dunnavant
Aaron Brown
http://cliph.linux.pl/at-3.1.8-nullen...
Reported: 2001-05-18 10:54 EDT by Need Real Name
Modified: 2005-10-31 17:00 EST (History)
Doc Type: Bug Fix
Last Closed: 2001-05-18 11:00:42 EDT
Attachments
Simple fix. (489 bytes, patch)
2001-05-18 11:00 EDT, Need Real Name
Description Need Real Name 2001-05-18 10:54:46 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.2.19 i686)

Description of problem:
If you execute at with an invalid environment array, it crashes with SIGSEGV.
The problem occurs only if the environment array contains a string without a "="
character (without a value for the variable).

How reproducible:
Always

Steps to Reproduce:
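1. Compile the following program:
#include <unistd.h>

int main(void)
{
	/* Environment entry with no '=' (a name without a value) */
	char *envp[] = { "blah", NULL };
	execle("/usr/bin/at", "at", "now", (char *)NULL, envp);
	return 1;	/* reached only if execle() itself fails */
}
2. Execute it and watch /usr/bin/at crash.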


Actual Results:  at receives SIGSEGV and crashes because of improper
pointer setting


Expected Results:  It should not crash ;)

Additional info:

Tested on at-3.1.8-12 and at-3.1.8-16 (from rawhide) on RH 7.0.
Patch available at: http://cliph.linux.pl/at-3.1.8-nullenv.patch
It doesn't seem to be exploitable.
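A defensive way to walk an environment array that tolerates entries without "=", the condition this report describes. This is an added example, not the code of at or of the attached patch; the helper names env_value and env_filter and the sample entries are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: locate the value part of a "NAME=value" entry.
 * Returns a pointer to the value (possibly ""), or NULL when the entry
 * is NULL, contains no '=', or has an empty name. Callers must test the
 * result before dereferencing it. */
static const char *env_value(const char *entry)
{
    const char *eq;

    if (entry == NULL)
        return NULL;
    eq = strchr(entry, '=');          /* NULL when there is no '=' */
    if (eq == NULL || eq == entry)
        return NULL;
    return eq + 1;
}

/* Copy pointers to well-formed entries from envp into out, which has room
 * for out_cap pointers including the terminating NULL. Well-formed entries
 * that do not fit are dropped. Returns the number of malformed entries,
 * or -1 if out_cap is 0; *kept receives the number of entries copied. */
static int env_filter(char *const envp[], const char *out[],
                      size_t out_cap, size_t *kept)
{
    int rejected = 0;
    size_t n = 0;

    if (out_cap == 0)
        return -1;
    for (; envp != NULL && *envp != NULL; envp++) {
        if (env_value(*envp) == NULL) {
            rejected++;
            continue;
        }
        if (n + 1 < out_cap)
            out[n++] = *envp;
    }
    out[n] = NULL;
    *kept = n;
    return rejected;
}

int main(void)
{
    /* Constructed sample: the report's "blah" plus other edge cases. */
    char *const envp[] = { "PATH=/bin", "blah", "EMPTY=", "=x", NULL };
    const char *clean[8];
    size_t kept = 0;
    int rejected = env_filter(envp, clean, 8, &kept);

    printf("kept=%zu rejected=%d\n", kept, rejected);
    return 0;
}
```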
Comment 1 Need Real Name 2001-05-18 11:00:38 EDT
Created attachment 18930
Simple fix.
Comment 2 Crutcher Dunnavant 2001-06-25 21:44:55 EDT
ok