#1 Incorrect use of putenv(3)

open
nobody
None
5
2010-10-02
2010-10-02
No

The function "timestr2time" in "misc.c" contains the following code:

time_t timestr2time (const char *timestr)
{
    [...]
#if defined(HAVE_TIMEGM) && HAVE_TIMEGM
    sec = timegm (&t);
#else
    {
        char tzstr[31+1];
        char *tz;

        tz = getenv("TZ");
        snprintf (tzstr, sizeof (tzstr), "TZ=%s", "UTC");
        putenv (tzstr);
        tzset();
        sec = mktime(&t);
        if (tz)
            snprintf (tzstr, sizeof (tzstr), "TZ=%s", tz);
        else
            snprintf (tzstr, sizeof (tzstr), "TZ=%s", "");
        putenv (tzstr);
        tzset();
    }
#endif
    [...]
}

This code is broken in at least two ways:
1.) It assumes that "tz" is still valid after putenv(3). It is however entirely possible that the call to putenv(3) resulted in the deallocation of the memory previously used by the "TZ" environment variable.
2.) It uses putenv(3) with a buffer on the stack. This buffer will remain part of the environment until the next call to putenv(3). As a result one of the strings in the environment will point to a no longer valid section of memory after this function exits.
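
One way to write the non-timegm branch so that neither of the two problems listed above occurs, as an added example that is not code from the project or from the reporter. The name `utc_mktime` is hypothetical, and the sketch assumes POSIX setenv(3), unsetenv(3) and strdup(3) are available.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* setenv, unsetenv, strdup, tzset */
#endif
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Hypothetical helper: convert a broken-down UTC time to time_t without
 * timegm(). Returns (time_t)-1 on failure, like mktime(). */
time_t utc_mktime(struct tm *t)
{
    const char *cur = getenv("TZ");
    char *saved = NULL;
    time_t sec;

    /* Problem 1: copy the old value BEFORE changing the environment.
     * The pointer returned by getenv() may no longer be valid once
     * TZ has been replaced. */
    if (cur != NULL) {
        saved = strdup(cur);
        if (saved == NULL)
            return (time_t)-1;
    }

    /* Problem 2: setenv() stores its own copy of the string, so no
     * stack buffer of this function ever becomes part of environ. */
    if (setenv("TZ", "UTC", 1) != 0) {
        free(saved);
        return (time_t)-1;
    }
    tzset();
    t->tm_isdst = 0;              /* UTC has no daylight saving time */
    sec = mktime(t);

    /* Restore the previous state: the original value, or unset if TZ
     * was not set (rather than leaving an empty "TZ=" behind). */
    if (saved != NULL)
        setenv("TZ", saved, 1);
    else
        unsetenv("TZ");
    tzset();
    free(saved);
    return sec;
}
```

Changing TZ still modifies process-wide state, so this helper is no safer than the original in a multi-threaded program; only the two lifetime bugs are addressed.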
