[BusyBox-cvs] [BusyBox 0000261]: Unsafe empty env var export in ash

bugs at busybox.net bugs at busybox.net
Thu May 19 04:29:20 UTC 2005 

The following issue has been SUBMITTED.
======================================================================
<http://busybox.net/bugs/view.php?id=261> 
======================================================================
Reported By:                keithsmith
Assigned To:                BusyBox
======================================================================
Project:                    BusyBox
Issue ID:                   261
Category:                   Other
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     assigned
======================================================================
Date Submitted:             05-18-2005 21:29 PDT
Last Modified:              05-18-2005 21:29 PDT
======================================================================
Summary:                    Unsafe empty env var export in ash
Description: 
As reported previously, awk segfaults when empty environment variables are
exported.

# export x=''
# awk
SIGSEGV

This prompted a bugfix in revision 9054:
http://busybox.net/cgi-bin/viewcvs.cgi?view=rev&rev=9054

However, the core problem lies with ash.  It maintains the environment as
an array of strings of the form 'name=value', but this format is not
respected by setvar() as invoked by the export builtin.  To demonstrate,
note the different results for x and y:

~ # env
USER=root
HOME=/
LOGNAME=root
TERM=vt102
PATH=/usr/sbin:/bin:/usr/bin:/sbin
SHELL=/bin/sh
PWD=/

# y=''
# export y
# env
USER=root
HOME=/
LOGNAME=root
TERM=vt102
PATH=/usr/sbin:/bin:/usr/bin:/sbin
SHELL=/bin/sh
y=
PWD=/

# export x=''
# env
USER=root
HOME=/
x
LOGNAME=root
TERM=vt102
PATH=/usr/sbin:/bin:/usr/bin:/sbin
SHELL=/bin/sh
y=
PWD=/


All entries in the environment should conform to the 'name=value'
convention, as any consumers of environment variables set by ash may be
susceptible to segfaults similarly to awk.

======================================================================

Issue History
Date Modified  Username       Field                    Change              
======================================================================
05-18-05 21:29 keithsmith     New Issue                                    
05-18-05 21:29 keithsmith     File Added: ash-export-empty-envvars.patch        
           
======================================================================

More information about the busybox-cvs mailing list