New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
putenv() accepts names containing '=', return value of unsetenv() not checked #49176
Comments
One of these problems interacts with the other, and can cause The way this interacts with os.unsetenv() is that the string The problem with os.unsetenv() is that it does not check the This is a bit tricky to give a visible demonstration of, but the The other two attached diffs fix the problems (for 2.x and 3.x |
As patches were originally provided would someone kindly review them. |
The patch actually does 2 things:
Also, some unit tests would be appreciated |
Unit tests were in the patch! However, none of the patches Unsetting a nonexistent variable isn't supposed to be an error I did however find one more case where that can happen, which is To avoid a use-after-free problem similar to the embedded-'=' Checking unsetenv()'s return value would avoid the use-after-free |
@david: I couldn't apply the patches directly with tortoisesvn cos of the git format so tried to do them manually but failed. E.g. in test_os I couldn't find PYTHONTESTVAROS to insert the two new lines after and in test_posix couldn't find PYTHONTESTVARB. Am I having a bad day at the office or did you have one yesterday? :) |
You're having a bad day at the office :) Just use "patch -p1". |
AFAICT, on Windows using the posix_putenv_garbage dict is unnecessary. The Windows C runtime creates a private copy of the string, so there's no need to keep a reference. Moreover, since there's no unsetenv, deleting a variable is accomplished by calling putenv with an empty value, e.g. putenv('foo', ''). This leaks an item in posix_putenv_garbage, which is left set as ('foo', 'foo='). |
The part of this issue ('=' in putenv()) is fixed in bpo-30746. |
The original issues seem fixed. As for leaks in posix_putenv_garbage on Windows, it is better to open a new issue for this. |
posix_putenv_garbage no longer used on Windows. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: