From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <musl-return-21150-ml=inbox.vuxu.org@lists.openwall.com>
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.1 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H4,
	RCVD_IN_MSPIKE_WL autolearn=ham autolearn_force=no version=3.4.4
Received: from second.openwall.net (second.openwall.net [193.110.157.125])
	by inbox.vuxu.org (Postfix) with SMTP id C91312133D
	for <ml@inbox.vuxu.org>; Wed, 17 Jul 2024 20:34:50 +0200 (CEST)
Received: (qmail 10178 invoked by uid 550); 17 Jul 2024 18:33:46 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Reply-To: musl@lists.openwall.com
Received: (qmail 10125 invoked from network); 17 Jul 2024 18:33:46 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmx.net;
	s=s31663417; t=1721241217; x=1721846017; i=nullplan@gmx.net;
	bh=Nh5aGL1egIUqRi4jyoHiJAUw7VVzP8gq3ze1qxLSK2s=;
	h=X-UI-Sender-Class:Date:From:To:Cc:Subject:Message-ID:References:
	 MIME-Version:Content-Type:In-Reply-To:Content-Transfer-Encoding:
	 cc:content-transfer-encoding:content-type:date:from:message-id:
	 mime-version:reply-to:subject:to;
	b=IhF3H1LvuXLS6NYuDag9af4HtEXm8O8MVk/4y21qCAF8pBDTH1VhMf+fu2UKidql
	 114fmZgSkzBzGPg/6/ZlS0MBFO1AVVTbNNUfPipp2yUYws7QsSAQakRd4btVwuGhU
	 QBacpoaN4UY6Io+SBFoOB3r2Kgg8Pfpjzm9r77bSTh/E4jS+ohN5PtMik1bFCKU2C
	 c2Sp8937E/WZLUYYK1fNmSt+cqHnXIeLy/Q2GaDW5lfFNEIbUIH8mE8VtgIEEoGLJ
	 FIN6U+MzJPVhreZOaeJLwd57TzGQ7RhafzI8uoyiEHbaQAM5TZDkQlJnwA2tWbasg
	 TXLWhsGCj7y/KlCjwQ==
X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a
Date: Wed, 17 Jul 2024 20:33:35 +0200
From: Markus Wichmann <nullplan@gmx.net>
To: musl@lists.openwall.com
Cc: Luca <groovysnail42@gmail.com>
Message-ID: <ZpgOf4zBSrnueTMT@voyager>
References: <CAND4rFaJyy4qEooADYHjFj3yF3wQaQ02GCX3u13_OJGOr1hu+w@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAND4rFaJyy4qEooADYHjFj3yF3wQaQ02GCX3u13_OJGOr1hu+w@mail.gmail.com>
X-Provags-ID: V03:K1:VKDOvW0gCCeaRkvOlHRgs7Dr1pIRBXqG7iGNYfa8MR1c8/k9AUe
 WUjCTLs4xetAr2iWz1Sq9qGgqr7sPeh6jKF02ZCcqxwI5N5YX30l/ac2pndZrvW5ED5iTK1
 XHGJtbl3AhZiqxPElp98lmPwk5boC2B+YSlVzSbrV5qYx0vM67p+4GqyqgFiRNrdxBsZUHI
 KJUST0w2xDKsuUKpirr3g==
UI-OutboundReport: notjunk:1;M01:P0:kbFtSDfdipw=;xWukSqG5o3QQTHIHGDhVqBQ85j1
 m3SlrS22ig54VwXlO2cOFhKE4ZmUX/NF0rULJM0yhhDYRdzKzo57RYj0s1JxXf9l/KnUlhW+A
 Vp7rhstP0W27KguCpF07fYHfYnfT5DFKAVK1pcVwsDfxu9gswxlhVLdLlftC5zRFR3nw6pBIR
 Z9c/P9C5eD88OEcAxuIAA/H2fwF1NuOUo9VkdIPZo1bgvTrK1igvlmbU5hjkfgrm00lcOVkro
 4WrRKt17B4d+VPlaa4w/KIcLkU6eg90Decuoit8d7U+x7uKK9fHOUYAHyguEjVDE8eQjL0gkd
 PACdW/t0X2X0ne6YcieNBV4+fn38ov73RSPKI142iVAF7sjw/UMyIcMnD3ARrqvH5RyXBztSF
 82tP+GMPFBX2mqPzYN2kksmK4YLu6YOttiP/GtP71/Q1+Yo+XL3A6SB9Oe7kshEAKEKp3lJ3s
 IH63pnf3LP0l/UQ4TuSFT7q6ieeVVrdBE+6WVZrFAyceCWS5JP5BsaX79f5yiXwLdCnjmIDJO
 Dd9oGqUzqpuElVGAXzEeAHZZRI/+qCbvkjCRShXMD/U5Jwc2WKv2cd951zN/d5GOLKwojFMsW
 7aL+4awBGefk5dKpJZrCKZ61seB+TmH5sneQTkBY184n4+VVsJcf20shIB1jGJgEV+lJXHHfN
 QI/stF8Ug8RJUC73TAENqVrDsE7yDzIBQHZ8LhTatju+/0iC5kp40BEgUl+/A0tW1bNvZc8cR
 hHlJlRPYcEB8GRue42opVVlZwzYQtY1G67EqDH26E5ty0+2i/dnsc9nVUoQPOcCNa8NqNoyVW
 V+UI+V8okvS8sBMdXutv9TJg==
Content-Transfer-Encoding: quoted-printable
Subject: Re: [musl] Memory Leak

Am Wed, Jul 17, 2024 at 06:54:59PM +0200 schrieb Luca:
> The variable `static char **oldenv` is passed to a free in line 29:
> `free(oldenv);`.
> The variable is a 2d pointer and therefore all contents within it should=
 be
> freed.
> By freeing only oldenv all the lines of `__environ` are lost.
>
> Possible hotfix:
> ```
> for (int j =3D 0; oldenv[j]; ++j) free(oldenv[j]);
> free(oldenv);
> ```

No, that is invalid. You can only call free() on pointers that you own,
and that came from malloc(). The first property is not fulfilled in
putenv(). putenv() doesn't own any of the pointers given to it. It only
places them inside the environment.

And that's the end of that, really. Even those environment pointers
that were allocated are invalid to free() here because putenv() doesn't
own them. setenv() might, but that's what __env_rm_add() is for.

Also, many of the pointers in oldenv are shared with newenv. Freeing
them would leave dangling pointers in the environment list.

Ciao,
Markus