+72
-9
lines changedFilter options
+72
-9
lines changed Original file line number Diff line number Diff line change
@@ -1238,8 +1238,12 @@ def _execute_child(self, args, executable, preexec_fn, close_fds,
1238 1238
# and pass it to fork_exec()
1239 1239 1240 1240
if env is not None:
1241 -
env_list = [os.fsencode(k) + b'=' + os.fsencode(v)
1242 -
for k, v in env.items()]
1241 +
env_list = []
1242 +
for k, v in env.items():
1243 +
k = os.fsencode(k)
1244 +
if b'=' in k:
1245 +
raise ValueError("illegal environment variable name")
1246 +
env_list.append(k + b'=' + os.fsencode(v))
1243 1247
else:
1244 1248
env_list = None # Use execv instead of execve.
1245 1249
executable = os.fsencode(executable)
@@ -655,6 +655,46 @@ def is_env_var_to_ignore(n):
655 655
if not is_env_var_to_ignore(k)]
656 656
self.assertEqual(child_env_names, [])
657 657 658 +
def test_invalid_cmd(self):
659 +
# null character in the command name
660 +
cmd = sys.executable + '\0'
661 +
with self.assertRaises(ValueError):
662 +
subprocess.Popen([cmd, "-c", "pass"])
663 + 664 +
# null character in the command argument
665 +
with self.assertRaises(ValueError):
666 +
subprocess.Popen([sys.executable, "-c", "pass#\0"])
667 + 668 +
def test_invalid_env(self):
669 +
# null character in the enviroment variable name
670 +
newenv = os.environ.copy()
671 +
newenv["FRUIT\0VEGETABLE"] = "cabbage"
672 +
with self.assertRaises(ValueError):
673 +
subprocess.Popen([sys.executable, "-c", "pass"], env=newenv)
674 + 675 +
# null character in the enviroment variable value
676 +
newenv = os.environ.copy()
677 +
newenv["FRUIT"] = "orange\0VEGETABLE=cabbage"
678 +
with self.assertRaises(ValueError):
679 +
subprocess.Popen([sys.executable, "-c", "pass"], env=newenv)
680 + 681 +
# equal character in the enviroment variable name
682 +
newenv = os.environ.copy()
683 +
newenv["FRUIT=ORANGE"] = "lemon"
684 +
with self.assertRaises(ValueError):
685 +
subprocess.Popen([sys.executable, "-c", "pass"], env=newenv)
686 + 687 +
# equal character in the enviroment variable value
688 +
newenv = os.environ.copy()
689 +
newenv["FRUIT"] = "orange=lemon"
690 +
with subprocess.Popen([sys.executable, "-c",
691 +
'import sys, os;'
692 +
'sys.stdout.write(os.getenv("FRUIT"))'],
693 +
stdout=subprocess.PIPE,
694 +
env=newenv) as p:
695 +
stdout, stderr = p.communicate()
696 +
self.assertEqual(stdout, b"orange=lemon")
697 + 658 698
def test_communicate_stdin(self):
659 699
p = subprocess.Popen([sys.executable, "-c",
660 700
'import sys;'
@@ -374,6 +374,9 @@ Extension Modules
374 374
Library
375 375
-------
376 376 377 +
- [Security] bpo-30730: Prevent environment variables injection in subprocess on
378 +
Windows. Prevent passing other environment variables and command arguments.
379 + 377 380
- bpo-21071: struct.Struct.format type is now :class:`str` instead of
378 381
:class:`bytes`.
379 382
@@ -744,6 +744,20 @@ getenvironment(PyObject* environment)
744 744
"environment can only contain strings");
745 745
goto error;
746 746
}
747 +
if (PyUnicode_FindChar(key, '\0', 0, PyUnicode_GET_LENGTH(key), 1) != -1 ||
748 +
PyUnicode_FindChar(value, '\0', 0, PyUnicode_GET_LENGTH(value), 1) != -1)
749 +
{
750 +
PyErr_SetString(PyExc_ValueError, "embedded null character");
751 +
goto error;
752 +
}
753 +
/* Search from index 1 because on Windows starting '=' is allowed for
754 +
defining hidden environment variables. */
755 +
if (PyUnicode_GET_LENGTH(key) == 0 ||
756 +
PyUnicode_FindChar(key, '=', 1, PyUnicode_GET_LENGTH(key), 1) != -1)
757 +
{
758 +
PyErr_SetString(PyExc_ValueError, "illegal environment variable name");
759 +
goto error;
760 +
}
747 761
if (totalsize > PY_SSIZE_T_MAX - PyUnicode_GET_LENGTH(key) - 1) {
748 762
PyErr_SetString(PyExc_OverflowError, "environment too long");
749 763
goto error;
@@ -830,7 +844,8 @@ _winapi_CreateProcess_impl(PyObject *module, Py_UNICODE *application_name,
830 844
PROCESS_INFORMATION pi;
831 845
STARTUPINFOW si;
832 846
PyObject* environment;
833 -
wchar_t *wenvironment;
847 +
const wchar_t *wenvironment;
848 +
Py_ssize_t wenvironment_size;
834 849 835 850
ZeroMemory(&si, sizeof(si));
836 851
si.cb = sizeof(si);
@@ -846,12 +861,13 @@ _winapi_CreateProcess_impl(PyObject *module, Py_UNICODE *application_name,
846 861 847 862
if (env_mapping != Py_None) {
848 863
environment = getenvironment(env_mapping);
849 -
if (! environment)
864 +
if (environment == NULL) {
850 865
return NULL;
866 +
}
867 +
/* contains embedded null characters */
851 868
wenvironment = PyUnicode_AsUnicode(environment);
852 -
if (wenvironment == NULL)
853 -
{
854 -
Py_XDECREF(environment);
869 +
if (wenvironment == NULL) {
870 +
Py_DECREF(environment);
855 871
return NULL;
856 872
}
857 873
}
@@ -2558,8 +2558,8 @@ _PySequence_BytesToCharpArray(PyObject* self)
2558 2558
array[i] = NULL;
2559 2559
goto fail;
2560 2560
}
2561 -
data = PyBytes_AsString(item);
2562 -
if (data == NULL) {
2561 +
/* check for embedded null bytes */
2562 +
if (PyBytes_AsStringAndSize(item, &data, NULL) < 0) {
2563 2563
/* NULL terminate before freeing. */
2564 2564
array[i] = NULL;
2565 2565
goto fail;
You can’t perform that action at this time.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4