From Bugzilla Helper: User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.2.19 i686) Description of problem: If you execute at with invalid environment array it crashes with SIGSEGV. The problem occur only if environment array contains string without ,,='' character (without value to the variable. How reproducible: Always Steps to Reproduce: 1. Compile following program: int main() { char * envp[]={ "blah", NULL }; execle("/usr/bin/at", "at", "now", NULL, envp); } 2. Execute it and look how /usr/bin/at crashes. Actual Results: at receives SIGSEGV and crashes because of improper pointer setting Expected Results: It should not crash ;) Additional info: Tested on at-3.1.8-12 and at-3.1.8-16 (from rawhide) on RH 7.0. Patch available at: http://cliph.linux.pl/at-3.1.8-nullenv.patch It doesn't seem to be exploitable.
Created attachment 18930 [details] Simple fix.
ok