httpd: memory hole in function addEnv() and more
Vladimir N. Oleynik
dzo at simtreas.ru
Mon Sep 5 09:52:35 UTC 2005
Dirk,
>>>1.) memory hole
>>>
>>>Them memory alloced by asprintf() is never free'd.
>>>Solution: insert free(s) behind putenv(s).
>>
>>
>>No.
>>man putenv()
>>see libc incompatibility memory allocated sections.
>
>
> Ok, it is a 'maybe' memory hole. With uclibc it is a memory hole.
Yes.
> We should use setenv() instead of putenv().
> And if we use setenv() there is no need of using addEnv():
>
> use
> setenv("QUERY_STRING",config->query,1);
> setenv("SERVER_SOFTWARE", httpdVersion,1);
> instaead of
> addEnv("QUERY_STRING", "", config->query);
> addEnv("SERVER", "SOFTWARE", httpdVersion);
No.
Compare size:
setenv("SERVER_SOFTWARE", httpdVersion,1);
setenv("SERVER_PROTOCOL", "HTTP/1.0" ,1);
setenv("SERVER_PORT", server_port, 1);
setenv("REMOTE_PORT", remote_port, 1);
setenv("REMOTE_USER", remote_user, 1);
etc
with:
addEnv("SERVER", "SOFTWARE", httpdVersion);
addEnv("SERVER", "PROTOCOL", HTTP/1.0);
addEnvPort("SERVER");
addEnvPort("REMOTE");
addEnv("REMOTE", "USER", remote_user);
etc
(all good C compiler produce string "SERVER" and "REMOTE" one only)
--w
vodz
More information about the busybox
mailing list