From 61ae0a37a8c96e2b1745594e477244100f1a7046 Mon Sep 17 00:00:00 2001
From: Damien Neil
Date: Mon, 17 Oct 2022 17:38:29 -0700
Subject: syscall, os/exec: reject environment variables containing NULs

Check for and reject environment variables containing NULs. The conventions for passing environment variables to subprocesses cause most or all systems to interpret a NUL as a separator. The syscall package rejects environment variables containing a NUL on most systems, but erroniously did not do so on Windows. This causes an environment variable such as "FOO=a\x00BAR=b" to be interpreted as "FOO=a", "BAR=b".

Check for and reject NULs in environment variables passed to syscall.StartProcess on Windows. Add a redundant check to os/exec as extra insurance.

Fixes #56284
Fixes CVE-2022-41716

Change-Id: I2950e2b0cb14ebd26e5629be1521858f66a7d4ae
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1609434
Run-TryBot: Damien Neil
Reviewed-by: Tatiana Bradley
Reviewed-by: Roland Shoemaker
TryBot-Result: Security TryBots
Reviewed-on: https://go-review.googlesource.com/c/go/+/446916
Reviewed-by: Tatiana Bradley
TryBot-Result: Gopher Robot
Run-TryBot: Matthew Dempsky
Reviewed-by: Heschi Kreinick
---
 src/os/exec/exec_test.go | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'src/os/exec/exec_test.go')

diff --git a/src/os/exec/exec_test.go b/src/os/exec/exec_test.go
index a4ac658d1c..3c1fffd951 100644
--- a/src/os/exec/exec_test.go
+++ b/src/os/exec/exec_test.go
@@ -1027,6 +1027,15 @@ func TestDedupEnvEcho(t *testing.T) {
 	}
 }
 
+func TestEnvNULCharacter(t *testing.T) {
+	cmd := helperCommand(t, "echoenv", "FOO", "BAR")
+	cmd.Env = append(cmd.Environ(), "FOO=foo\x00BAR=bar")
+	out, err := cmd.CombinedOutput()
+	if err == nil {
+		t.Errorf("output = %q; want error", string(out))
+	}
+}
+
 func TestString(t *testing.T) {
 	t.Parallel()
 
-- 
cgit v1.3-5-g9baa
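Review bot: TestEnvNULCharacter only asserts that some error comes back from CombinedOutput, so a helper process failing for an unrelated reason would also satisfy it, while the property the fix protects — that the child never observes `BAR=bar` as a separate variable — is not checked at all. Since the helper is invoked as `echoenv FOO BAR` it presumably prints those two variables; if so, adding `if strings.Contains(string(out), "BAR=bar") { t.Errorf("child observed split variable: %q", out) }` would pin the split-on-NUL behavior directly (exact helper output format to be confirmed against the echoenv helper). Note also that on platforms where syscall already rejects NULs, as the commit message states, this test passes with or without the redundant os/exec check, so it does not isolate the new os/exec code path. Minor: `%q` formats a []byte directly, so the `string(out)` conversion in the Errorf call is unnecessary.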