mailing list archives
Re: simple kde exploit fix
From: thospel () mail dma be (Ton Hospel)
Date: Mon, 18 May 1998 20:02:10 GMT
In article <Pine.LNX.3.96.980518103111.11608A-100000 () digi1 inreach net>,
digi <digi () inreach net> writes:
env = getenv("HOME");
env[BUFLEN] = '\0';
would save memcpy()ing and strlen()ing.
Dangerous unless you know very well where your env buffer
really comes from (and goes to)
- I have seen C implementation where all getenv's use copying into one
static buffer -> another getenv() somewhere in the program
might unexpectedly change your env
- I have seen C implementations where these are pointers
into a env space -> then you really hit the data (next getenv
might be surprised), or you might even be modifying a different
For getenv it's usually best to copy the value from out of the result,
before some other getenv or putenv changes it.
My pid is Inigo Montoya. You kill -9 my parent process. Prepare to vi.