Bug 55738 - xinted truncates environment variable list if many variables are added
Summary: xinted truncates environment variable list if many variables are added
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: xinetd
Version: 7.2
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Trond Eivind Glomsrxd
QA Contact: Brock Organ
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-11-05 21:13 UTC by Chris Jaeger
Modified: 2007-04-18 16:38 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2001-12-04 17:37:11 UTC
Embargoed:


Attachments (Terms of Use)

Description Chris Jaeger 2001-11-05 21:13:26 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.3-12 i686)

Description of problem:
There is a bug in the xinetd source that causes xinetd to truncate the list
of environment
variables. The bug occurs if xinetd attempts to grow the environment
variable list. What
happens is that after growing the list, xinetd attempts to set to NULL all
new variable
pointers; unfortunately, there is an off-by-one error in the indexing that
causes it to
set to NULL the last set environment variable. As all new environment
variables are
added after this, they will never be seen by the exec'ed child (the env var
list is NULL-
terminated).

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Modify the xinetd configuration file for one of the services that must
be exec'ed.
2. Add several new environment variables to be passed to the service (say
30, just
    to be safe).
3. strace xinetd and then contact the service. You will notice in the
strace that the exec
    of the service does not contain all the environment variables that you
added.
	

Actual Results:  some environment variables are missing from the
environment of the child server.

Expected Results:  all specified additional environment variables should
have been present.

Additional info:

The bug lies in libs/src/misc/m_env.c:grow(). The memset() at the end of
the
function should begin at index &ep->vars[ep->n_vars], not at
&ep->vars[ep->n_vars-1]. The actual size of this array at any point in time
is
ep->max_vars + 1.

Comment 1 Trond Eivind Glomsrxd 2001-11-05 22:08:02 UTC
The change looks sane to me... bbraun, any comments??

Comment 2 Rob Braun 2001-12-03 01:22:16 UTC
Looks fine.  It's included in the current development release.  Can someone 
try the latest development version at http://www.xinetd.org/devel and see if 
you still have the problem.  Should be fixed, but a verification would be good.


Comment 3 Trond Eivind Glomsrxd 2001-12-04 17:24:14 UTC
An rpm can be found at http://people.redhat.com/teg/xinetd/ - can the reporter
test it?

Comment 4 Chris Jaeger 2001-12-04 17:37:06 UTC
I've checked the rpm/srpm that you prepared. The source contains the fix, and
testing on my
machine shows the problem solved.


Note You need to log in before you can comment on or make changes to this bug.