From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/9514
Path: news.gmane.org!not-for-mail
From: Alexander Monakov <amonakov@ispras.ru>
Newsgroups: gmane.linux.lib.musl.general
Subject: [libc-test][PATCH] add putenv double-free regression test
Date: Sun,  6 Mar 2016 22:41:14 +0300
Message-ID: <1457293274-13000-1-git-send-email-amonakov@ispras.ru>
References: <1457284958-12429-1-git-send-email-amonakov@ispras.ru>
Reply-To: musl@lists.openwall.com
NNTP-Posting-Host: plane.gmane.org
X-Trace: ger.gmane.org 1457293305 16428 80.91.229.3 (6 Mar 2016 19:41:45 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Sun, 6 Mar 2016 19:41:45 +0000 (UTC)
Cc: Alexander Monakov <amonakov@ispras.ru>
To: musl@lists.openwall.com
Original-X-From: musl-return-9527-gllmg-musl=m.gmane.org@lists.openwall.com Sun Mar 06 20:41:44 2016
Return-path: <musl-return-9527-gllmg-musl=m.gmane.org@lists.openwall.com>
Envelope-to: gllmg-musl@m.gmane.org
Original-Received: from mother.openwall.net ([195.42.179.200])
	by plane.gmane.org with smtp (Exim 4.69)
	(envelope-from <musl-return-9527-gllmg-musl=m.gmane.org@lists.openwall.com>)
	id 1aceYi-0004Z1-CN
	for gllmg-musl@m.gmane.org; Sun, 06 Mar 2016 20:41:44 +0100
Original-Received: (qmail 18206 invoked by uid 550); 6 Mar 2016 19:41:42 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Original-Received: (qmail 18151 invoked from network); 6 Mar 2016 19:41:34 -0000
X-Mailer: git-send-email 2.1.3
In-Reply-To: <1457284958-12429-1-git-send-email-amonakov@ispras.ru>
Xref: news.gmane.org gmane.linux.lib.musl.general:9514
Archived-At: <http://permalink.gmane.org/gmane.linux.lib.musl.general/9514>

---
I see the musl patch has been committed, so here's the corresponding libc-test
regression test.

It's pretty bare-bones since it just relies on libc's built-in double-free
detection.

Also it's pretty lazy to use _GNU_SOURCE ftm to get putenv; I'm not sure
what's the expected style in libc-test for such things though.
src/functional/env.c also uses _GNU_SOURCE.

 src/regression/putenv-doublefree.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 src/regression/putenv-doublefree.c

diff --git a/src/regression/putenv-doublefree.c b/src/regression/putenv-doublefree.c
new file mode 100644
index 0000000..f3a1f6c
--- /dev/null
+++ b/src/regression/putenv-doublefree.c
@@ -0,0 +1,16 @@
+// commit 9543656cc32fda48fc463f332ee20e91eed2b768 2016-03-06
+// __putenv could be confused into freeing storage that does not belong to the implementation
+#define _GNU_SOURCE
+#include <stdlib.h>
+#include <string.h>
+
+int main(void)
+{
+	setenv("A", "1", 1);
+	setenv("A", "2", 1);
+	char *c = strdup("A=3");
+	putenv(c);
+	setenv("A", "4", 1);
+	free(c);
+	return 0;
+}
-- 
2.1.3