From d5b1c5ed8bd9515505d4177f105c19ea375106ae Mon Sep 17 00:00:00 2001
From: Eric Biggers <ebiggers3@gmail.com>
Date: Wed, 7 Jan 2015 12:10:52 +0530
Subject: setenv fix memory leak when setting large, duplicate string (BZ
 #17658)

glibc maintains a binary tree of environment strings it malloc()ed
itself.  However, it's possible for it to malloc() a string, then find
that an identical string is already in the tree.  In this case, the
memory is leaked and is not freed if the application later calls
__libc_freeres().  Fix this by freeing 'new_value' when it's unneeded.

Test case:
	#include <stdlib.h>
	#include <string.h>

	int main()
	{
		char *p = calloc(100000, 1);
		memset(p, 'A', 99999);
		setenv("TESTVAR", p, 1);
		setenv("TESTVAR", p, 1);
		free(p);
	}

Leak that was reported by valgrind:
	100,008 bytes in 1 blocks are definitely lost in loss record 1 of 1
	   at 0x4C29F90: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
	   by 0x4E6B3D4: __add_to_environ (setenv.c:176)
	   by 0x4C31B8F: setenv (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
	   by 0x400642: main (in /mnt/tmpfs/a.out)
---
 ChangeLog | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'ChangeLog')

diff --git a/ChangeLog b/ChangeLog
index 9ca4f27338..653dfdd389 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2015-01-07  Eric Biggers  <ebiggers3@gmail.com>
+
+	[BZ #17658]
+	* stdlib/setenv.c: Fix memory leak when setting large,
+	duplicate string.
+
 2015-01-06  Vladimir A. Nazarenko  <naszar@ya.ru>
 
 .	[BZ #17273]
-- 
cgit v1.2.3