git.ipfire.org Git - thirdparty/squid.git/commit

Avoid putenv() problems by switching to setenv() (#2262)

Developers work around putenv() design flaws by writing more complex
code that still leaks memory (e.g., commit b1b2793 and commit 96b9d96).
We should follow putenv(3) manual page advice and use setenv() instead:

The setenv() function is strongly preferred to putenv().

Kerberos builds have been using setenv() since 2009 commit 9ca29d2.
Twenty years ago, setenv() code failed to build on Solaris (see 2005
commit cff61cb), but modern Solaris does have setenv(3).

Since setenv(3) is a standard C library _extension_ unavailable on
Windows, we provide a setenv(3) replacement for MS Windows builds. Our
replacement should work correctly in known current use cases, but acts
differently if given a variable with an empty value. This replacement
does not make things worse because the old macro trick had the same
flaw. We do not know of an easy way to support empty variable values on
Windows the way setenv(3) does.

Also fixed negotiate_kerberos_auth undefined behavior caused by freeing
memory returned by getenv() when the helper was run without `-k keytab`.

author	Eduard Bagdasaryan <eduard.bagdasaryan@measurement-factory.com>
	Fri, 3 Oct 2025 09:40:25 +0000 (09:40 +0000)
committer	Squid Anubis <squid-anubis@squid-cache.org>
	Fri, 3 Oct 2025 11:21:54 +0000 (11:21 +0000)
commit	d732d6f240624b0001b182b8f7514f649e27a09c
tree	0d608cd743cd140802bf8b4af9555711c25f976f	tree \| snapshot
parent	aa2d1c0cd37e79abaccdc8107bd1c6225efef623	commit \| diff

compat/os/mswindows.h		diff \| blob \| blame \| history
configure.ac		diff \| blob \| blame \| history
src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc		diff \| blob \| blame \| history
src/cache_cf.cc		diff \| blob \| blame \| history
src/ipc.cc		diff \| blob \| blame \| history
src/ipc_win32.cc		diff \| blob \| blame \| history