Return-Path: Delivered-To: apmail-apr-dev-archive@www.apache.org Received: (qmail 73043 invoked from network); 29 Mar 2010 12:39:26 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 29 Mar 2010 12:39:26 -0000 Received: (qmail 48938 invoked by uid 500); 29 Mar 2010 12:39:26 -0000 Delivered-To: apmail-apr-dev-archive@apr.apache.org Received: (qmail 48706 invoked by uid 500); 29 Mar 2010 12:39:25 -0000 Mailing-List: contact dev-help@apr.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Id: Delivered-To: mailing list dev@apr.apache.org Received: (qmail 48699 invoked by uid 99); 29 Mar 2010 12:39:24 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 29 Mar 2010 12:39:24 +0000 X-ASF-Spam-Status: No, hits=-1.2 required=10.0 tests=AWL,RCVD_IN_DNSWL_NONE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of poirier@pobox.com designates 208.72.237.35 as permitted sender) Received: from [208.72.237.35] (HELO sasl.smtp.pobox.com) (208.72.237.35) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 29 Mar 2010 12:39:18 +0000 Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by b-sasl-quonix.pobox.com (Postfix) with ESMTP id 769FB9711A for ; Mon, 29 Mar 2010 08:38:56 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=from:to :subject:date:message-id:mime-version:content-type; s=sasl; bh=n 5cbl9yLbr4exeojEuPUVLoEEUA=; b=SLI0w0QXEiTU4b/SiiC0/6nYQvgGdeMy+ MdKgN1JITFBnesQcJgq4ds7viq7x48AuHpyldX+JjGagMJ1C+q7XuJ/PdkPfg1Lk GgpKOvqOvtPAUVxHVz8MfsGaYnjh/hd8WKFuZn/OODnllTZeWVMjpqSLEOEU77lj K8eCdtiVbY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=from:to:subject :date:message-id:mime-version:content-type; q=dns; s=sasl; b=Jvu l7M4z0+Utmh0JOXRT8ta64cpmNEZ7foAe1OWHTFWMn4zCvDeJVNlH71Dl3YlWnmR NI6Wh2qRa/NBwhr8RVDpYsHpfm71icO/4J9xyoAE3pXLcPYUK7abJwxMHrqM1MrI naNrqKPaE+FpE3z1jvD7PfvTV2i9EjljbMwfO+4I= Received: from b-pb-sasl-quonix. (unknown [127.0.0.1]) by b-sasl-quonix.pobox.com (Postfix) with ESMTP id 6C55697119 for ; Mon, 29 Mar 2010 08:38:56 -0400 (EDT) Received: from slappy.raleigh.ibm.com (unknown [129.33.49.251]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by b-sasl-quonix.pobox.com (Postfix) with ESMTPSA id 1E40697117 for ; Mon, 29 Mar 2010 08:38:55 -0400 (EDT) From: Dan Poirier To: dev@apr.apache.org Subject: apr_env_set use of putenv User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1.50 (darwin) Date: Mon, 29 Mar 2010 08:38:54 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Pobox-Relay-ID: 0A6F5FF8-3B30-11DF-9C14-68E3016DD5F0-25076293!b-pb-sasl-quonix.pobox.com If a platform doesn't have setenv(), then apr_env_set() uses putenv() with memory allocated from whatever pool it was given. Putenv() keeps a reference to that memory in the environment. If that pool is ever cleaned up, then the environment ends up with a pointer to who-knows-what. The doc string for apr_env_set says: * @param pool where to allocate temporary storage from which implies a short-lived pool is fine to use here, when clearly it's not. This seems like a bug waiting to hit some unsuspecting user of APR. I think it might be a good idea to strdup() a copy of the value before passing it to putenv(), even though I don't see a good way to ever recover that memory. E.g. Index: env.c =================================================================== --- env.c (revision 24753) +++ env.c (working copy) @@ -105,7 +105,7 @@ memcpy(p, value, vlen); p[vlen] = '\0'; - if (0 > putenv(env)) + if (0 > putenv(strdup(env))) return APR_ENOMEM; return APR_SUCCESS; Thoughts? Dan