Package: asterisk
Version: 1:1.2.13~dfsg-2etch2
Severity: normal
Tags: patch

In res/res_odbc.c putenv(env_var) is followed by free(env_var). This leads to 
illegal memory accesses which can be observed with valgrind.

putenv(3) manual states:
       The libc4 and libc5 and glibc 2.1.2 versions conform to SUSv2: the
       pointer string given to putenv() is used.  In particular, this string
       becomes part of the environment; changing it later will change the
       environment.  (Thus, it is an error is to call putenv() with an
       automatic variable as the argument, then return from the calling
       function while string is still part of the environment.)  However,
       glibc 2.0-2.1.1 differs: a copy of the string is used.  On the one
       hand this causes a memory leak, and on the other hand it violates
       SUSv2.  This has been fixed in glibc2.1.2.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.22.7
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages asterisk depends on:
ii  adduser            3.102                 Add and remove users and groups
ii  asterisk-classic   1:1.2.13~dfsg-2etch2  Open Source Private Branch Exchang

asterisk recommends no packages.

-- no debconf information

Attachment: putenv_free.dpatch
Description: application/shellscript
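
The behaviour this report describes, as an added C example (not the attached patch and not Asterisk code): putenv() stores the caller's pointer in the environment, so the buffer must outlive the entry, whereas setenv() keeps its own copy. GR_DEMO_VAR and both function names are constructed for illustration; using setenv() is one common remedy assumed here, not necessarily what putenv_free.dpatch does.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* putenv(), setenv(), unsetenv(), strdup() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* GR_DEMO_VAR is a constructed variable name used only by this example. */

/* Returns 1 if putenv() kept the caller's pointer instead of copying it. */
int putenv_aliases_buffer(void)
{
    char *entry = strdup("GR_DEMO_VAR=first");
    if (entry == NULL || putenv(entry) != 0) {
        free(entry);
        return -1;
    }
    /* Overwrite the value through our own pointer; no libc call involved. */
    memcpy(entry + strlen("GR_DEMO_VAR="), "other", 5);
    const char *seen = getenv("GR_DEMO_VAR");
    int aliased = (seen != NULL && strcmp(seen, "other") == 0);

    /* Calling free(entry) at this point would leave environ pointing at
     * freed memory, which is the defect reported above. Detach first. */
    unsetenv("GR_DEMO_VAR");
    free(entry);
    return aliased;
}

/* Returns 1 if the value is still readable after the caller frees its buffer. */
int setenv_survives_free(void)
{
    char *value = strdup("first");
    if (value == NULL || setenv("GR_DEMO_VAR", value, 1) != 0) {
        free(value);
        return -1;
    }
    free(value);                      /* safe: setenv() stored its own copy */
    const char *seen = getenv("GR_DEMO_VAR");
    int ok = (seen != NULL && strcmp(seen, "first") == 0);
    unsetenv("GR_DEMO_VAR");
    return ok;
}

int main(void)
{
    printf("putenv aliases caller buffer: %d\n", putenv_aliases_buffer());
    printf("setenv value survives free:   %d\n", setenv_survives_free());
    return 0;
}
```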
