[VDPAU] [PATCH] Save the result from secure_getenv
Zach Angold
zangold at nvidia.com
Thu Feb 18 00:27:41 UTC 2016
I think I might have miscommunicated what bug I was trying to address
with this patch. Consider the following:
x = secure_getenv("foo")
y = secure_getenv("bar")
print(x)
In my understanding, the above pseudocode could print out either $foo
or $bar, depending on whether the return value of getenv() is
implemented to be statically allocated. What I'm trying to accomplish
by replacing secure_getenv with safe_secure_getenv is to (for
example) have the above print out $foo regardless of the
implementation of secure_getenv.
--
Zach Angold
On Wed, 17 Feb 2016, Rémi Denis-Courmont wrote:
> On 2016-02-18 00:51, Zach Angold wrote:
> > Thanks for your input, but there seems to be another way we can lose
> > the result from secure_getenv.
> >
> > From the man page for getenv(3):
> > The implementation of getenv() is not required to be reentrant.
> > The string pointed to by the return value of getenv() may be
> > statically allocated, and can be modified by a subsequent call
> > to getenv(), putenv(3), setenv(3), or unsetenv(3).
>
> I think you are missing the point here. getenv() is not strictly required to
> be reentrant in POSIX. Neither is secure_getenv(). Your patch does not fix
> that. You cannot fix that without removing getenv() *and* secure_getenv()
> everywhere in the process (which is unrealistic), and replacing it with
> something reentrant.
>
> In practice, getenv() and secure_getenv() are reentrant provided that the
> environment is NOT modified within the process.
>
> > In theory we could run into problems with this since (without this
> > patch) we use the return value of secure_getenv("VDPAU_DRIVER") after
> > calling secure_getenv("VDPAU_DRIVER_PATH"). Replacing the other two
> > occurrences of secure_getenv with safe_secure_getenv has no functional
> > impact on libvdpau as it is, but it could prevent problems like this
> > in the future.
>
> Again, if the environment is modified within the process, you are treading
> undefined behaviour already. At that point, you are screwed. You cannot fix
> it.
>
> In practice, the return value of getenv() or secure_getenv() becomes garbage.
>
> --
> Rémi Denis-Courmont
> http://www.remlab.net/
>
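Added example (my own, not the patch under discussion and not libvdpau's code): a small C program that shows the hazard Zach describes and the fix he is proposing. The static-buffer lookup is a constructed model of the behaviour getenv(3) permits, where every call overwrites the previous result; saved_getenv() is a hypothetical stand-in for safe_secure_getenv (the thread does not show its implementation) that copies the value into caller-owned memory before any further environment call can run. The variable names VDPAU_DRIVER and VDPAU_DRIVER_PATH come from the thread; the values assigned to them are constructed. secure_getenv() is glibc 2.17+, so the example falls back to getenv() elsewhere.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* secure_getenv() is a glibc extension; fall back to getenv() elsewhere. */
#ifdef __GLIBC__
#define ENV_LOOKUP secure_getenv
#else
#define ENV_LOOKUP getenv
#endif

typedef const char *(*getenv_fn)(const char *);

/* The real implementation, wrapped so it matches getenv_fn. */
static const char *real_getenv(const char *name)
{
    return ENV_LOOKUP(name);
}

/* Constructed stand-in for an implementation that returns a pointer into one
 * static buffer, which getenv(3) explicitly allows: each call overwrites what
 * the previous call returned. */
static const char *static_buffer_getenv(const char *name)
{
    static char buf[256];
    const char *v = ENV_LOOKUP(name);
    if (v == NULL)
        return NULL;
    snprintf(buf, sizeof buf, "%s", v);
    return buf;
}

/* Hypothetical saving wrapper (an assumption here, not libvdpau's
 * safe_secure_getenv): copy the value immediately so a later lookup cannot
 * clobber it. The caller frees the result; NULL means unset or no memory. */
static char *saved_getenv(getenv_fn lookup, const char *name)
{
    const char *v = lookup(name);
    return v ? strdup(v) : NULL;
}

/* Unsafe pattern from the thread: the VDPAU_DRIVER pointer is used after the
 * VDPAU_DRIVER_PATH lookup. With a static-buffer implementation the driver
 * name has already been replaced by the path. */
static char *driver_unsaved(getenv_fn lookup)
{
    const char *driver = lookup("VDPAU_DRIVER");
    const char *path = lookup("VDPAU_DRIVER_PATH");
    (void)path;
    return driver ? strdup(driver) : NULL;
}

/* Fixed pattern: every result is copied before the next lookup runs. */
static char *driver_saved(getenv_fn lookup)
{
    char *driver = saved_getenv(lookup, "VDPAU_DRIVER");
    char *path = saved_getenv(lookup, "VDPAU_DRIVER_PATH");
    free(path);
    return driver;
}

/* Returns 1 if the driver name survived the second lookup, 0 if it was
 * clobbered, -1 if the variable was unset. */
static int driver_survives(char *(*read_driver)(getenv_fn), getenv_fn lookup,
                           const char *expected)
{
    char *d = read_driver(lookup);
    if (d == NULL)
        return -1;
    int ok = strcmp(d, expected) == 0;
    free(d);
    return ok;
}

int main(void)
{
    /* Constructed sample values, not a real driver or installation path. */
    setenv("VDPAU_DRIVER", "nvidia", 1);
    setenv("VDPAU_DRIVER_PATH", "/example/vdpau", 1);

    printf("unsaved, static buffer: %s\n",
           driver_survives(driver_unsaved, static_buffer_getenv, "nvidia") == 1
               ? "ok" : "clobbered");
    printf("saved,   static buffer: %s\n",
           driver_survives(driver_saved, static_buffer_getenv, "nvidia") == 1
               ? "ok" : "clobbered");
    printf("unsaved, real getenv:   %s\n",
           driver_survives(driver_unsaved, real_getenv, "nvidia") == 1
               ? "ok" : "clobbered");
    return 0;
}
```

With glibc both patterns print "ok", because getenv() returns a pointer into environ rather than a static buffer, which is why the patch has no functional effect on libvdpau today; against the static-buffer model only the saved variant keeps "nvidia". Note that copying does nothing about the separate problem Rémi raises: if another thread calls setenv()/putenv() while the lookup itself is running, the pointer may already be invalid before the copy is made.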