diff options
| author | Serhiy Storchaka <storchaka@gmail.com> | 2017-06-25 06:49:15 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-06-25 06:49:15 (GMT) |
| commit | 9c2dc0c58a878ac3d1c44dd0048f8e1cfab2790e (patch) | |
| tree | 209a2e6a745b9e1aecdca7b62486fa1360a4e70d /Modules | |
| parent | 57ee0c8c9e73c3405a0343e1a05cba673ac7f8cb (diff) | |
| download | cpython-9c2dc0c58a878ac3d1c44dd0048f8e1cfab2790e.zip cpython-9c2dc0c58a878ac3d1c44dd0048f8e1cfab2790e.tar.gz cpython-9c2dc0c58a878ac3d1c44dd0048f8e1cfab2790e.tar.bz2 | |
[3.6] bpo-30746: Prohibited the '=' character in environment variable names (GH-2382) (#2391)
in `os.putenv()` and `os.spawn*()`..
(cherry picked from commit 77703942c5997dff00c48f10df1b29b11645624c)
Diffstat (limited to 'Modules')
| -rw-r--r-- | Modules/posixmodule.c | 32 |
1 files changed, 28 insertions, 4 deletions
diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c index 11aaeef..0337890 100644 --- a/Modules/posixmodule.c +++ b/Modules/posixmodule.c @@ -4817,6 +4817,14 @@ parse_envlist(PyObject* env, Py_ssize_t *envc_ptr) Py_DECREF(key2); goto error; } + /* Search from index 1 because on Windows starting '=' is allowed for + defining hidden environment variables. */ + if (PyUnicode_GET_LENGTH(key2) == 0 || + PyUnicode_FindChar(key2, '=', 1, PyUnicode_GET_LENGTH(key2), 1) != -1) + { + PyErr_SetString(PyExc_ValueError, "illegal environment variable name"); + goto error; + } keyval = PyUnicode_FromFormat("%U=%U", key2, val2); #else if (!PyUnicode_FSConverter(key, &key2)) @@ -4825,6 +4833,12 @@ parse_envlist(PyObject* env, Py_ssize_t *envc_ptr) Py_DECREF(key2); goto error; } + if (PyBytes_GET_SIZE(key2) == 0 || + strchr(PyBytes_AS_STRING(key2) + 1, '=') != NULL) + { + PyErr_SetString(PyExc_ValueError, "illegal environment variable name"); + goto error; + } keyval = PyBytes_FromFormat("%s=%s", PyBytes_AS_STRING(key2), PyBytes_AS_STRING(val2)); #endif @@ -8864,9 +8878,16 @@ os_putenv_impl(PyObject *module, PyObject *name, PyObject *value) { const wchar_t *env; + /* Search from index 1 because on Windows starting '=' is allowed for + defining hidden environment variables. */ + if (PyUnicode_GET_LENGTH(name) == 0 || + PyUnicode_FindChar(name, '=', 1, PyUnicode_GET_LENGTH(name), 1) != -1) + { + PyErr_SetString(PyExc_ValueError, "illegal environment variable name"); + return NULL; + } PyObject *unicode = PyUnicode_FromFormat("%U=%U", name, value); if (unicode == NULL) { - PyErr_NoMemory(); return NULL; } if (_MAX_ENV < PyUnicode_GET_LENGTH(unicode)) { @@ -8908,12 +8929,15 @@ os_putenv_impl(PyObject *module, PyObject *name, PyObject *value) { PyObject *bytes = NULL; char *env; - const char *name_string = PyBytes_AsString(name); - const char *value_string = PyBytes_AsString(value); + const char *name_string = PyBytes_AS_STRING(name); + const char *value_string = PyBytes_AS_STRING(value); + if (strchr(name_string, '=') != NULL) { + PyErr_SetString(PyExc_ValueError, "illegal environment variable name"); + return NULL; + } bytes = PyBytes_FromFormat("%s=%s", name_string, value_string); if (bytes == NULL) { - PyErr_NoMemory(); return NULL; } |