Package: asterisk
Version: 1:1.2.13~dfsg-2etch2
Severity: normal
Tags: patch
In res/res_odbc.c putenv(env_var) is followed by free(env_var). This leads to illegal memory accesses which can be observed with valgrind.

putenv(3) manual states:

  The libc4 and libc5 and glibc 2.1.2 versions conform to SUSv2: the pointer string given to putenv() is used. In particular, this string becomes part of the environment; changing it later will change the environment. (Thus, it is an error is to call putenv() with an automatic variable as the argument, then return from the calling function while string is still part of the environment.)

  However, glibc 2.0-2.1.1 differs: a copy of the string is used. On the one hand this causes a memory leak, and on the other hand it violates SUSv2. This has been fixed in glibc2.1.2.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.22.7
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages asterisk depends on:
ii  adduser           3.102                 Add and remove users and groups
ii  asterisk-classic  1:1.2.13~dfsg-2etch2  Open Source Private Branch Exchang

asterisk recommends no packages.

-- no debconf information
putenv_free.dpatch
Description: application/shellscript
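The putenv() ownership rule quoted in the report, as an added example (not code from res_odbc.c or from the attached patch). It assumes a libc with the SUSv2 behaviour described above; the ODBC_DEMO_* variable names and values are constructed for illustration. It shows that the environment aliases the caller's buffer, which is why the buffer must outlive the variable, and that setenv() copies and so allows an immediate free().

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 600   /* declares putenv() and setenv() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Build "name=value" on the heap; the caller owns the result. */
static char *make_entry(const char *name, const char *value)
{
    size_t len = strlen(name) + strlen(value) + 2;   /* '=' and NUL */
    char *entry = malloc(len);
    if (entry)
        snprintf(entry, len, "%s=%s", name, value);
    return entry;
}

/* 1 if getenv() returns a pointer into the buffer handed to putenv(). */
int putenv_aliases_buffer(void)
{
    char *entry = make_entry("ODBC_DEMO_A", "one");
    if (!entry || putenv(entry) != 0)
        return -1;
    /* entry is deliberately not freed: it is now part of the environment. */
    return getenv("ODBC_DEMO_A") == entry + strlen("ODBC_DEMO_A=");
}

/* 1 if a later write to the buffer is visible through getenv(). */
int putenv_sees_later_writes(void)
{
    char *entry = make_entry("ODBC_DEMO_B", "old");
    if (!entry || putenv(entry) != 0)
        return -1;
    memcpy(entry + strlen("ODBC_DEMO_B="), "new", 3);
    return strcmp(getenv("ODBC_DEMO_B"), "new") == 0;
}

/* 1 if the variable survives overwriting and freeing the caller's buffer. */
int setenv_then_free_is_safe(void)
{
    char *value = make_entry("x", "dsn1");           /* heap string "x=dsn1" */
    if (!value || setenv("ODBC_DEMO_C", value + 2, 1) != 0) {
        free(value);
        return -1;
    }
    memset(value, 'X', strlen(value));               /* scribble, then release */
    free(value);
    return strcmp(getenv("ODBC_DEMO_C"), "dsn1") == 0;
}
```

Code that has to keep using putenv() must keep the buffer allocated until the variable is replaced or unset.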