+72
-9
lines changedFilter options
+72
-9
lines changed Original file line number Diff line number Diff line change
@@ -1200,8 +1200,12 @@ def _execute_child(self, args, executable, preexec_fn, close_fds,
1200 1200
# and pass it to fork_exec()
1201 1201 1202 1202
if env is not None:
1203 -
env_list = [os.fsencode(k) + b'=' + os.fsencode(v)
1204 -
for k, v in env.items()]
1203 +
env_list = []
1204 +
for k, v in env.items():
1205 +
k = os.fsencode(k)
1206 +
if b'=' in k:
1207 +
raise ValueError("illegal environment variable name")
1208 +
env_list.append(k + b'=' + os.fsencode(v))
1205 1209
else:
1206 1210
env_list = None # Use execv instead of execve.
1207 1211
executable = os.fsencode(executable)
@@ -634,6 +634,46 @@ def test_empty_env(self):
634 634
# environment
635 635
b"['__CF_USER_TEXT_ENCODING']"))
636 636 637 +
def test_invalid_cmd(self):
638 +
# null character in the command name
639 +
cmd = sys.executable + '\0'
640 +
with self.assertRaises(ValueError):
641 +
subprocess.Popen([cmd, "-c", "pass"])
642 + 643 +
# null character in the command argument
644 +
with self.assertRaises(ValueError):
645 +
subprocess.Popen([sys.executable, "-c", "pass#\0"])
646 + 647 +
def test_invalid_env(self):
648 +
# null character in the enviroment variable name
649 +
newenv = os.environ.copy()
650 +
newenv["FRUIT\0VEGETABLE"] = "cabbage"
651 +
with self.assertRaises(ValueError):
652 +
subprocess.Popen([sys.executable, "-c", "pass"], env=newenv)
653 + 654 +
# null character in the enviroment variable value
655 +
newenv = os.environ.copy()
656 +
newenv["FRUIT"] = "orange\0VEGETABLE=cabbage"
657 +
with self.assertRaises(ValueError):
658 +
subprocess.Popen([sys.executable, "-c", "pass"], env=newenv)
659 + 660 +
# equal character in the enviroment variable name
661 +
newenv = os.environ.copy()
662 +
newenv["FRUIT=ORANGE"] = "lemon"
663 +
with self.assertRaises(ValueError):
664 +
subprocess.Popen([sys.executable, "-c", "pass"], env=newenv)
665 + 666 +
# equal character in the enviroment variable value
667 +
newenv = os.environ.copy()
668 +
newenv["FRUIT"] = "orange=lemon"
669 +
with subprocess.Popen([sys.executable, "-c",
670 +
'import sys, os;'
671 +
'sys.stdout.write(os.getenv("FRUIT"))'],
672 +
stdout=subprocess.PIPE,
673 +
env=newenv) as p:
674 +
stdout, stderr = p.communicate()
675 +
self.assertEqual(stdout, b"orange=lemon")
676 + 637 677
def test_communicate_stdin(self):
638 678
p = subprocess.Popen([sys.executable, "-c",
639 679
'import sys;'
@@ -59,6 +59,9 @@ Extension Modules
59 59
Library
60 60
-------
61 61 62 +
- [Security] bpo-30730: Prevent environment variables injection in subprocess on
63 +
Windows. Prevent passing other environment variables and command arguments.
64 + 62 65
- [Security] bpo-30694: Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes
63 66
of multiple security vulnerabilities including: CVE-2017-9233 (External
64 67
entity infinite loop DoS), CVE-2016-9063 (Integer overflow, re-fix),
@@ -744,6 +744,20 @@ getenvironment(PyObject* environment)
744 744
"environment can only contain strings");
745 745
goto error;
746 746
}
747 +
if (PyUnicode_FindChar(key, '\0', 0, PyUnicode_GET_LENGTH(key), 1) != -1 ||
748 +
PyUnicode_FindChar(value, '\0', 0, PyUnicode_GET_LENGTH(value), 1) != -1)
749 +
{
750 +
PyErr_SetString(PyExc_ValueError, "embedded null character");
751 +
goto error;
752 +
}
753 +
/* Search from index 1 because on Windows starting '=' is allowed for
754 +
defining hidden environment variables. */
755 +
if (PyUnicode_GET_LENGTH(key) == 0 ||
756 +
PyUnicode_FindChar(key, '=', 1, PyUnicode_GET_LENGTH(key), 1) != -1)
757 +
{
758 +
PyErr_SetString(PyExc_ValueError, "illegal environment variable name");
759 +
goto error;
760 +
}
747 761
if (totalsize > PY_SSIZE_T_MAX - PyUnicode_GET_LENGTH(key) - 1) {
748 762
PyErr_SetString(PyExc_OverflowError, "environment too long");
749 763
goto error;
@@ -830,7 +844,8 @@ _winapi_CreateProcess_impl(PyObject *module, Py_UNICODE *application_name,
830 844
PROCESS_INFORMATION pi;
831 845
STARTUPINFOW si;
832 846
PyObject* environment;
833 -
wchar_t *wenvironment;
847 +
const wchar_t *wenvironment;
848 +
Py_ssize_t wenvironment_size;
834 849 835 850
ZeroMemory(&si, sizeof(si));
836 851
si.cb = sizeof(si);
@@ -846,12 +861,13 @@ _winapi_CreateProcess_impl(PyObject *module, Py_UNICODE *application_name,
846 861 847 862
if (env_mapping != Py_None) {
848 863
environment = getenvironment(env_mapping);
849 -
if (! environment)
864 +
if (environment == NULL) {
850 865
return NULL;
866 +
}
867 +
/* contains embedded null characters */
851 868
wenvironment = PyUnicode_AsUnicode(environment);
852 -
if (wenvironment == NULL)
853 -
{
854 -
Py_XDECREF(environment);
869 +
if (wenvironment == NULL) {
870 +
Py_DECREF(environment);
855 871
return NULL;
856 872
}
857 873
}
@@ -2825,8 +2825,8 @@ _PySequence_BytesToCharpArray(PyObject* self)
2825 2825
array[i] = NULL;
2826 2826
goto fail;
2827 2827
}
2828 -
data = PyBytes_AsString(item);
2829 -
if (data == NULL) {
2828 +
/* check for embedded null bytes */
2829 +
if (PyBytes_AsStringAndSize(item, &data, NULL) < 0) {
2830 2830
/* NULL terminate before freeing. */
2831 2831
array[i] = NULL;
2832 2832
goto fail;
You can’t perform that action at this time.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4