Bug#465453: marked as done (asterisk: illegal free(env_var) after putenv(env_var))

Mon, 06 Aug 2012 00:18:15 -0700 

Your message dated Mon, 6 Aug 2012 09:15:07 +0200
with message-id 
<CAAgy_VkOyp-iyujC-3fm_wCvan=qb2b-dzoon2zqvkxpgu7...@mail.gmail.com>
and subject line closing "old" bugs
has caused the Debian Bug report #465453,
regarding asterisk: illegal free(env_var) after putenv(env_var)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
465453: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465453
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: asterisk
Version: 1:1.2.13~dfsg-2etch2
Severity: normal
Tags: patch

In res/res_odbc.c putenv(env_var) is followed by free(env_var). This leads to 
illegal memory accesses which can be observed with valgrind.

putenv(3) manual states:
       The  libc4  and libc5 and glibc 2.1.2 versions conform to SUSv2: the 
pointer string given to putenv() is used.  In particular, this string becomes 
part of the environment; changing it
       later will change the environment.  (Thus, it is an error is to call 
putenv() with an automatic variable as the argument, then return from the 
calling function while string  is  still
       part  of  the  environment.)  However, glibc 2.0-2.1.1 differs: a copy 
of the string is used.  On the one hand this causes a memory leak, and on the 
other hand it violates SUSv2. This
       has been fixed in glibc2.1.2.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.22.7
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages asterisk depends on:
ii  adduser            3.102                 Add and remove users and groups
ii  asterisk-classic   1:1.2.13~dfsg-2etch2  Open Source Private Branch Exchang

asterisk recommends no packages.

-- no debconf information

Attachment: putenv_free.dpatch
Description: application/shellscript


--- End Message ---
--- Begin Message --- 
X-CrossAssassin-Score: 17558

--- End Message ---

Reply via email to