[New-bugs-announce] [issue22689] Posix getenv makes no guarantee of lifetime of returned string

Aidan Hobson Sayers report at bugs.python.org
Tue Oct 21 23:03:44 CEST 2014

New submission from Aidan Hobson Sayers:

Posix says the following on the subject of getenv:

> The returned string pointer might be invalidated or the string content might be overwritten by a subsequent call to getenv()


Unfortunately, in Modules/getpath.c:

static void
    char *_rtpypath = Py_GETENV("PYTHONPATH"); /* XXX use wide version on Windows */
    wchar_t *rtpypath = NULL;
    wchar_t *home = Py_GetPythonHome();
    char *_path = getenv("PATH");

So 3 potential getenv calls in quick succession, meaning _rtpypath and home can become junk before they get used and Python crashes before it can start up (it becomes unable to find the site module).

Unfortunately it looks like the assumption that getenv pointers will remain safe forever is used in a few places in python.

Explicit notes on the correct use of getenv: https://www.securecoding.cert.org/confluence/display/seccode/ENV34-C.+Do+not+store+pointers+returned+by+certain+functions

Someone's apparently seen this before (but didn't report it?) - http://sourceforge.net/p/edk2/mailman/edk2-devel/thread/66BD57653246D24E9698B0A6509545A86DDB863C@ORSMSX109.amr.corp.intel.com/

components: Interpreter Core
messages: 229788
nosy: aidanhs
priority: normal
severity: normal
status: open
title: Posix getenv makes no guarantee of lifetime of returned string
type: crash
versions: Python 2.7, Python 3.2, Python 3.3, Python 3.4, Python 3.5, Python 3.6

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list