[bug #59601] buffer over-read on malformed environment variable

[eric lagergren]

URL:
  <https://savannah.gnu.org/bugs/?59601>

                 Summary: buffer over-read on malformed environment variable
                 Project: make
            Submitted by: elagergren_so
            Submitted on: Wed 02 Dec 2020 08:00:31 PM UTC
                Severity: 3 - Normal
              Item Group: Bug
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
       Component Version: 4.3
        Operating System: Any
           Fixed Release: None
           Triage Status: None

    _______________________________________________________

Details:

If Make encounters an environment variable without an equals sign it will read
past the end of `ep` (on 4.3, main.c:1364).

To repro, compile then provide the path to `make`:


#include <stdio.h>
#include <unistd.h>

int main(int argc, const char** argv) {
    if (argc != 2) {
        fprintf(stderr, "test.c: must provide exactly one argument\n");
        return 1;
    }
    char* const args[] = {NULL};
    char* const envp[] = {"CRASH", NULL};
    execve(argv[1], args, envp);
    perror("execve");
    return 0;
}


Tested Make versions 4.2.1 (default on Debian Buster), 4.3.1 (compiled from
source on Debian Buster), and 3.81 (macOS 19.6.0).



    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Wed 02 Dec 2020 08:00:31 PM UTC  Name: repro.c  Size: 343B   By:
elagergren_so

<http://savannah.gnu.org/bugs/download.php?file_id=50380>

    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?59601>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/