Posix getenv makes no guarantee of lifetime of returned string #66879
Posix says the following on the subject of getenv:

(http://pubs.opengroup.org/onlinepubs/9699919799/functions/getenv.html)

Unfortunately, in Modules/getpath.c:

```c
static void
calculate_path(void)
{
[...]
    char *_rtpypath = Py_GETENV("PYTHONPATH"); /* XXX use wide version on Windows */
    wchar_t *rtpypath = NULL;
    wchar_t *home = Py_GetPythonHome();
    char *_path = getenv("PATH");
```

So 3 potential getenv calls in quick succession, meaning _rtpypath and home can become junk before they get used and Python crashes before it can start up (it becomes unable to find the site module).

Unfortunately it looks like the assumption that getenv pointers will remain safe forever is used in a few places in python.

Explicit notes on the correct use of getenv: https://www.securecoding.cert.org/confluence/display/seccode/ENV34-C.+Do+not+store+pointers+returned+by+certain+functions

Someone's apparently seen this before (but didn't report it?) - http://sourceforge.net/p/edk2/mailman/edk2-devel/thread/66BD57653246D24E9698B0A6509545A86DDB863C@ORSMSX109.amr.corp.intel.com/
In case it matters, I'm compiling using Emscripten which implements getenv like so: https://github.com/kripken/emscripten/blob/1.25.2/src/library.js#L3323

(I personally think it's a bizarre way to do it, but technically I think it's ok?)
Python now copies the env var. In master, Modules/main.c:

```c
int res = config_get_env_var_dup(&path, L"PYTHONPATH", "PYTHONPATH");
```

Moreover, bytes are decoded to Unicode (wchar_t) on UNIX.

This issue is now 4 years old and Serhiy just fixed one issue, so I close the issue.

Even if there is a risk of an issue, nobody came up with a concrete way to trigger a bug, so I don't think that it's a big issue.

For example, the reported bug was on Py_GETENV("PYTHONPATH"), whereas this code is critical for Python: if it fails, everybody will complain. Except that since the bug has been reported, nobody ever saw an issue with this code.

The code is part of the early code to initialize Python, when it is not possible to execute arbitrary code nor have a second thread, so we should be fine.
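The lifetime hazard reported in this issue and the copy-on-read pattern from ENV34-C, as an added example that is not part of the original thread and is not CPython's code. `toy_getenv`, `getenv_dup`, the two check functions and the sample values are hypothetical; `toy_getenv` stands in for a libc whose getenv reuses one buffer between calls.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical getenv that returns one shared static buffer: a later call
 * may overwrite the string that an earlier call returned. */
static char *toy_getenv(const char *name)
{
    static char buf[64];
    const char *val = NULL;                 /* constructed sample environment */
    if (strcmp(name, "PYTHONPATH") == 0) val = "/opt/app/lib";
    else if (strcmp(name, "PATH") == 0) val = "/usr/bin:/bin";
    if (val == NULL)
        return NULL;
    snprintf(buf, sizeof buf, "%s", val);
    return buf;
}

/* ENV34-C pattern: copy the value immediately; the caller frees the copy. */
static char *getenv_dup(const char *name)
{
    const char *v = toy_getenv(name);
    char *copy = v ? malloc(strlen(v) + 1) : NULL;
    return copy ? strcpy(copy, v) : NULL;
}

/* Pattern from the report: hold the first pointer across a second call.
 * Returns 1 only if the stored pointer still reads as PYTHONPATH's value. */
static int stored_pointer_survives(void)
{
    char *rtpypath = toy_getenv("PYTHONPATH");
    (void)toy_getenv("PATH");               /* overwrites the shared buffer */
    return strcmp(rtpypath, "/opt/app/lib") == 0;
}

static int copied_value_survives(void)
{
    char *rtpypath = getenv_dup("PYTHONPATH");
    (void)toy_getenv("PATH");               /* the private copy is untouched */
    int ok = rtpypath != NULL && strcmp(rtpypath, "/opt/app/lib") == 0;
    free(rtpypath);
    return ok;
}

int main(void)
{
    printf("stored pointer intact: %d\n", stored_pointer_survives());
    printf("copied value intact:   %d\n", copied_value_survives());
    return 0;
}
```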
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.