URL: <https://savannah.gnu.org/bugs/?59601>
Summary: buffer over-read on malformed environment variable
Project: make
Submitted by: elagergren_so
Submitted on: Wed 02 Dec 2020 08:00:31 PM UTC
Severity: 3 - Normal
Item Group: Bug
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Component Version: 4.3
Operating System: Any
Fixed Release: None
Triage Status: None

_______________________________________________________

Details:

If Make encounters an environment variable without an equals sign it will read past the end of `ep` (on 4.3, main.c:1364).

To repro, compile then provide the path to `make`:

    #include <stdio.h>
    #include <unistd.h>

    int main(int argc, const char** argv) {
        if (argc != 2) {
            fprintf(stderr, "test.c: must provide exactly one argument\n");
            return 1;
        }
        char* const args[] = {NULL};
        char* const envp[] = {"CRASH", NULL};
        execve(argv[1], args, envp);
        perror("execve");
        return 0;
    }

Tested Make versions 4.2.1 (default on Debian Buster), 4.3.1 (compiled from source on Debian Buster), and 3.81 (macOS 19.6.0).

_______________________________________________________

File Attachments:

-------------------------------------------------------
Date: Wed 02 Dec 2020 08:00:31 PM UTC
Name: repro.c
Size: 343B
By: elagergren_so
<http://savannah.gnu.org/bugs/download.php?file_id=50380>

_______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?59601>

_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
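
The failure mode described in the report, as an added example that is not part of the original report and is not GNU Make's source: a bounded model of a scan that stops only at '=' (an assumed pattern, inferred from the report's description), next to a split that also stops at the terminating NUL. The function names, the sample envp entries and the policy of skipping entries with an empty name are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of a scan that stops only at '=' (assumed pattern, not Make's code).
   buf/len cover the whole allocation, terminating NUL included; the bound
   exists only in this model. Returns the index of '=', or -1 when the scan
   steps over the NUL and would leave the buffer. */
long scan_equals_only(const char *buf, size_t len)
{
    size_t i;
    for (i = 0; i < len; ++i)
        if (buf[i] == '=')
            return (long)i;
    return -1;
}

/* Hardened split: stop at '=' or NUL. Returns 0 and fills the outputs for
   "NAME=value"; returns -1 for entries with no '=' or an empty name. */
int split_env_entry(const char *entry, size_t *name_len, const char **value)
{
    size_t n;
    if (entry == NULL)
        return -1;
    n = strcspn(entry, "=");    /* length up to '=' or the terminating NUL */
    if (entry[n] != '=' || n == 0)
        return -1;
    *name_len = n;
    *value = entry + n + 1;
    return 0;
}

/* Count the entries of a NULL-terminated envp that are safe to import. */
size_t count_importable(char *const envp[])
{
    size_t i, ok = 0, len;
    const char *val;
    for (i = 0; envp[i] != NULL; ++i)
        if (split_env_entry(envp[i], &len, &val) == 0)
            ++ok;
    return ok;
}

int main(void)
{
    char *const envp[] = {"PATH=/usr/bin", "CRASH", "=x", "EMPTY=", NULL}; /* constructed */
    printf("%zu importable; '='-only scan of \"CRASH\": %ld\n",
           count_importable(envp), scan_equals_only("CRASH", sizeof "CRASH"));
    return 0;
}
```

Because execve() passes envp strings through unchanged, a program that walks its environment cannot assume every entry contains '='.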