From: Keeley Hoek
Newsgroups: gnu.bash.bug
To: bug-bash@gnu.org
Subject: [PATCH] Fix null environ crash in getenv() provided by lib/sh/getenv.c
Date: Sun, 8 Jul 2018 21:21:21 +1000

In running bash on an embedded target, bash crashes for the silly reason that environ is NULL. I haven't been able to tell whether this is actually permitted by the standard (as if?), but in bash I think this behavior is inconsistent anyway because:

* in initialize_shell_variables() from variables.c on line 344 the "env == NULL" case is guarded against, while
* in getenv() from lib/sh/getenv.c on line 81 access to environ is performed unprotected.

Attached below is the tiny modification required to prevent the segfault which occurs in the latter case. Of course, the extra condition is only checked when "shell_variables == NULL", which is true only before initialization has been completed.

Would you consider the addition of this protection at all acceptable?

Kind regards,
Keeley Hoek

diff --git a/lib/sh/getenv.c b/lib/sh/getenv.c index 8b5e3406..1e682aef 100644 --- a/lib/sh/getenv.c +++ b/lib/sh/getenv.c @@ -69,7 +69,7 @@ getenv (name) if (var && exported_p (var)) return (value_cell (var)); } - else + else if (environ) { register int i, len;
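
Review bot: the new "else if (environ)" test carries no comment saying why environ can be NULL at this point, and the hunk does not show what getenv() returns once that branch is skipped. Please add a one-line comment above the test noting that some targets start the shell with a NULL environ, and confirm that the code following this block's closing brace returns a null pointer, so a caller sees "not set" and never an indeterminate value. The message describes the guard in initialize_shell_variables() as an explicit "env == NULL" comparison; writing this one as "else if (environ != NULL)" would match that style.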