author | Serhiy Storchaka <storchaka@gmail.com> | 2017-06-25 04:33:01 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-06-25 04:33:01 (GMT) |
commit | 77703942c5997dff00c48f10df1b29b11645624c (patch) | |
tree | 58481f08535f9be849539c70bcdce3192a9fcbfa /Modules/posixmodule.c | |
parent | 1ba9469e9fdff0c52ba19b1e13a9c4b7235fc9eb (diff) | |
bpo-30746: Prohibited the '=' character in environment variable names (#2382)
in `os.putenv()` and `os.spawn*()`.
Diffstat (limited to 'Modules/posixmodule.c')
-rw-r--r-- | Modules/posixmodule.c | 32 |
1 files changed, 28 insertions, 4 deletions
diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c
index e7dd480..79efb4c 100644
--- a/Modules/posixmodule.c
+++ b/Modules/posixmodule.c
@@ -4894,6 +4894,14 @@ parse_envlist(PyObject* env, Py_ssize_t *envc_ptr)
 Py_DECREF(key2);
 goto error;
 }
+ /* Search from index 1 because on Windows starting '=' is allowed for
+ defining hidden environment variables. */
+ if (PyUnicode_GET_LENGTH(key2) == 0 ||
+ PyUnicode_FindChar(key2, '=', 1, PyUnicode_GET_LENGTH(key2), 1) != -1)
+ {
+ PyErr_SetString(PyExc_ValueError, "illegal environment variable name");
+ goto error;
+ }
 keyval = PyUnicode_FromFormat("%U=%U", key2, val2);
 #else
 if (!PyUnicode_FSConverter(key, &key2))
@@ -4902,6 +4910,12 @@ parse_envlist(PyObject* env, Py_ssize_t *envc_ptr)
 Py_DECREF(key2);
 goto error;
 }
+ if (PyBytes_GET_SIZE(key2) == 0 ||
+ strchr(PyBytes_AS_STRING(key2) + 1, '=') != NULL)
+ {
+ PyErr_SetString(PyExc_ValueError, "illegal environment variable name");
+ goto error;
+ }
 keyval = PyBytes_FromFormat("%s=%s", PyBytes_AS_STRING(key2),
 PyBytes_AS_STRING(val2));
 #endif
@@ -8985,9 +8999,16 @@ os_putenv_impl(PyObject *module, PyObject *name, PyObject *value)
 {
 const wchar_t *env;
+ /* Search from index 1 because on Windows starting '=' is allowed for
+ defining hidden environment variables. */
+ if (PyUnicode_GET_LENGTH(name) == 0 ||
+ PyUnicode_FindChar(name, '=', 1, PyUnicode_GET_LENGTH(name), 1) != -1)
+ {
+ PyErr_SetString(PyExc_ValueError, "illegal environment variable name");
+ return NULL;
+ }
 PyObject *unicode = PyUnicode_FromFormat("%U=%U", name, value);
 if (unicode == NULL) {
- PyErr_NoMemory();
 return NULL;
 }
 if (_MAX_ENV < PyUnicode_GET_LENGTH(unicode)) {
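Review bot: The new `goto error` in the wide-character branch of parse_envlist (@@ -4894) appears to leak `key2` and `val2`. The context line just above releases `key2` by hand before jumping to `error`, which suggests the label does not drop these references, and by this point both conversions have succeeded. Add `Py_DECREF(key2); Py_DECREF(val2);` before the `goto error;`. The bytes branch in the next hunk (@@ -4902) has the same pattern and needs the same two lines. The `error` label and the rest of the function lie outside the hunk, so confirm against the full body.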
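Review bot: In the bytes branch of parse_envlist (@@ -4902) the search starts at `PyBytes_AS_STRING(key2) + 1`, but the only stated reason for skipping index 0 is the Windows hidden-variable convention, and this is the `#else` side, presumably the non-Windows path. As written, a spawn environment key such as `=X` is accepted here, while the bytes branch of os_putenv_impl (@@ -9029) rejects it with `strchr(name_string, '=')`. Either search from the start, `strchr(PyBytes_AS_STRING(key2), '=') != NULL`, or add a comment stating why a leading '=' is tolerated on this path, so the two entry points validate names the same way.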
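Review bot: `PyUnicode_FindChar()` returns -2 with an exception set on failure, and the `!= -1` test in the wide-character os_putenv_impl (@@ -8985) treats that as "'=' found", overwriting the real error with ValueError. This is unlikely to fire for an argument that is already a valid str, but storing the result and testing `if (pos == -2) return NULL;` before the ValueError branch keeps the two error paths distinct. The identical call in parse_envlist (@@ -4894) has the same gap. The function body continues outside the hunk.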
@@ -9029,12 +9050,15 @@ os_putenv_impl(PyObject *module, PyObject *name, PyObject *value)
 {
 PyObject *bytes = NULL;
 char *env;
- const char *name_string = PyBytes_AsString(name);
- const char *value_string = PyBytes_AsString(value);
+ const char *name_string = PyBytes_AS_STRING(name);
+ const char *value_string = PyBytes_AS_STRING(value);
+ if (strchr(name_string, '=') != NULL) {
+ PyErr_SetString(PyExc_ValueError, "illegal environment variable name");
+ return NULL;
+ }
 bytes = PyBytes_FromFormat("%s=%s", name_string, value_string);
 if (bytes == NULL) {
- PyErr_NoMemory();
 return NULL;
 }
 |
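Review bot: The bytes branch of os_putenv_impl rejects '=' anywhere in the name but, unlike the other three checks in this commit, does not reject an empty name, so an empty `name_string` still formats to `=value` and is passed on to the platform call further down (outside the hunk). If that is not intended, make the guard `if (name_string[0] == '\0' || strchr(name_string, '=') != NULL) {`; if it is intended, a one-line comment should explain the asymmetry. The switch from `PyBytes_AsString` to `PyBytes_AS_STRING` also drops the type and NULL check, which is safe only while the argument converter guarantees a bytes object; a short comment stating that assumption would help.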