| commit | 03f63339cdd506051f1671d5ec844a7f1646c063 | |
| author | Ben Kibbey <bjk@luxsci.net> | |
| Sun, 5 Feb 2017 01:43:53 +0000 (4 20:43 -0500) | ||
| committer | Ben Kibbey <bjk@luxsci.net> | |
| Sun, 5 Feb 2017 01:43:53 +0000 (4 20:43 -0500) | ||
| tree | bd3a2de503a8cca897fb8899a094f37b5261975a | treesnapshot (tar.gz zip) |
| parent | 446dbd05d853bf8f031d3843c0ca1578cb72f5b9 | commitdiff |
Use putenv() rather than setenv().
Most environment handling implementations aren't thread-safe and can
lead to crashes do to an invalid pointer reference. The putenv()
function instead uses a variable provided by the application and
getenv() references this variable rather than a pointer (in glibc at
least).
Using putenv() still has the problem of the possibility of the variable
being accessed by one thread while being modified by another (incomplete
copy of a value to the variable), but this is less likely than the
invalid pointer reference problem.
A proper fix would be to set the pinentry environment for each gpgme
context but that is not possible without a minor gpgme change that
requires major gpgme API version bump.
Also unset DISPLAY, GPG_TTY and TERM before pwmd fork()'s.
Most environment handling implementations aren't thread-safe and can
lead to crashes do to an invalid pointer reference. The putenv()
function instead uses a variable provided by the application and
getenv() references this variable rather than a pointer (in glibc at
least).
Using putenv() still has the problem of the possibility of the variable
being accessed by one thread while being modified by another (incomplete
copy of a value to the variable), but this is less likely than the
invalid pointer reference problem.
A proper fix would be to set the pinentry environment for each gpgme
context but that is not possible without a minor gpgme change that
requires major gpgme API version bump.
Also unset DISPLAY, GPG_TTY and TERM before pwmd fork()'s.
| src/commands.c | diffblobblamehistory | |
| src/pwmd.c | diffblobblamehistory |