unsetenv.txt

` o unsetenv() off-by-one error:  
The unsetenv function in glibc 2.1.1 suffers from a problem whereby  
when running through the environment variables, if the name of the  
variable being unset is present twice consecutively, the second is  
not destroyed.  
  
unsetenv is sometimes used by programs that depend on it clearing out  
variables for protection against evil environment variables.  
  
It appears as though this was found by someone else before I stumbled  
across it; glibc 2.1.2 should not be vulnerable.  
  
To see if your libc has the problem, compile and run the following  
program:  
  
#include <stdlib.h>  
#include <stdio.h>  
  
extern char **environ;  
  
int main()  
{  
char *env[] = {  
"bob=trash",  
"bob=uh-oh",  
NULL  
};  
  
environ = env;  
  
printf("bob = %s\n", env[0]);  
  
unsetenv("bob");  
  
printf("bob = %s\n", getenv("bob"));  
  
return 0;  
}  
  
If the output isn't "bob = (null)", unsetenv() isn't doing its job.  
(also note that not all libc's support unsetenv, or even the environ  
variable, so this may not compile/link on many non-glibc systems).  
`