diff options
| author | Matthew Dempsky <mdempsky@google.com> | 2022-11-03 11:02:51 -0700 |
|---|---|---|
| committer | Matthew Dempsky <mdempsky@google.com> | 2022-11-04 01:23:16 +0000 |
| commit | bc2dc2384619d871000f9627b5d4e2bdc1dd38dc (patch) | |
| tree | 5dbd19e59037b21c724fd8ee130481a87d7eff8b /src/os/exec/exec.go | |
| parent | c1c6b0ca79233c8b7612957291c2d47d337cc2de (diff) | |
| download | go-bc2dc2384619d871000f9627b5d4e2bdc1dd38dc.tar.xz | |
os/exec: allow NUL in environment variables on Plan 9
Plan 9 uses NUL as os.PathListSeparator, so it's almost always going
to appear in the environment variable list. Exempt GOOS=plan9 from the
check for NUL in environment variables.
For #56284.
Fixes #56544.
Change-Id: I23df233cdf20c0a9a606fd9253e15a9b5482575a
Reviewed-on: https://go-review.googlesource.com/c/go/+/447715
Reviewed-by: David du Colombier <0intro@gmail.com>
Run-TryBot: Matthew Dempsky <mdempsky@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Diffstat (limited to 'src/os/exec/exec.go')
| -rw-r--r-- | src/os/exec/exec.go | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/src/os/exec/exec.go b/src/os/exec/exec.go index 18f265ee4e..46b09b9c0c 100644 --- a/src/os/exec/exec.go +++ b/src/os/exec/exec.go @@ -1208,15 +1208,16 @@ func (c *Cmd) Environ() []string { // dedupEnv returns a copy of env with any duplicates removed, in favor of // later values. // Items not of the normal environment "key=value" form are preserved unchanged. -// Items containing NUL characters are removed, and an error is returned along with -// the remaining values. +// Except on Plan 9, items containing NUL characters are removed, and +// an error is returned along with the remaining values. func dedupEnv(env []string) ([]string, error) { - return dedupEnvCase(runtime.GOOS == "windows", env) + return dedupEnvCase(runtime.GOOS == "windows", runtime.GOOS == "plan9", env) } // dedupEnvCase is dedupEnv with a case option for testing. // If caseInsensitive is true, the case of keys is ignored. -func dedupEnvCase(caseInsensitive bool, env []string) ([]string, error) { +// If nulOK is false, items containing NUL characters are allowed. +func dedupEnvCase(caseInsensitive, nulOK bool, env []string) ([]string, error) { // Construct the output in reverse order, to preserve the // last occurrence of each key. var err error @@ -1225,10 +1226,13 @@ func dedupEnvCase(caseInsensitive bool, env []string) ([]string, error) { for n := len(env); n > 0; n-- { kv := env[n-1] - if strings.IndexByte(kv, 0) != -1 { + // Reject NUL in environment variables to prevent security issues (#56284); + // except on Plan 9, which uses NUL as os.PathListSeparator (#56544). + if !nulOK && strings.IndexByte(kv, 0) != -1 { err = errors.New("exec: environment variable contains NUL") continue } + i := strings.Index(kv, "=") if i == 0 { // We observe in practice keys with a single leading "=" on Windows. |