diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2021-01-03 22:26:52 +0100 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2021-01-19 14:18:34 +0100 |
| commit | 30927a24848c4d727f7619cc74b878f098cdd724 (patch) | |
| tree | 5deb8cf9fa92762406f4ee25447e6a312b3f4ed0 /src/basic | |
| parent | c4899ea427fe93b5b2beac8ab10bfee7dfbf2021 (diff) | |
| download | systemd-30927a24848c4d727f7619cc74b878f098cdd724.tar.gz | |
Allow control characters in environment variable values
So far, we would allow certain control characters (NL since
b4346b9a77bc6129dd3e, TAB since 6294aa76d818e831de45), but not others. Having
other control characters in environment variable *value* is expected and widely
used, for various prompts like $LESS, $LESS_TERMCAP_*, and other similar
variables. The typical environment exported by bash already contains a dozen or
so such variables, so programs need to handle them.
We handle then correctly too, for example in 'systemctl show-environment',
since 804ee07c1370d49aa9a. But we would still disallow setting such variables
by the user, in unit file Environment= and in set-environment/import-environment
operations. This is unexpected and confusing and doesn't help with anything
because such variables are present in the environment through other means.
When printing such variables, 'show-environment' escapes all special
characters, so variables with control characters are plainly visible.
In other uses, e.g. 'cat -v' can be used in similar fashion. This would already
need to be done to suppress color codes starting with \[.
Note that we still forbid invalid utf-8 with this patch. (Control characters
are valid, since they are valid 7-bit ascii.) I'm not sure if we should do
that, but since people haven't been actually asking for invalid utf-8, and only
for control characters, and invalid utf-8 causes other issues, I think it's OK
to leave this unchanged.
Fixes #4446, https://gitlab.gnome.org/GNOME/gnome-session/-/issues/45.
Diffstat (limited to 'src/basic')
| -rw-r--r-- | src/basic/env-util.c | 21 |
1 files changed, 8 insertions, 13 deletions
diff --git a/src/basic/env-util.c b/src/basic/env-util.c index 03bdba022d..96c024afd7 100644 --- a/src/basic/env-util.c +++ b/src/basic/env-util.c @@ -57,16 +57,13 @@ bool env_value_is_valid(const char *e) { if (!utf8_is_valid(e)) return false; - /* bash allows tabs and newlines in environment variables, and so - * should we */ - if (string_has_cc(e, "\t\n")) - return false; + /* Note that variable *values* may contain control characters, in particular NL, TAB, BS, DEL, ESC… + * When printing those variables with show-environment, we'll escape them. Make sure to print + * environment variables carefully! */ - /* POSIX says the overall size of the environment block cannot - * be > ARG_MAX, an individual assignment hence cannot be - * either. Discounting the shortest possible variable name of - * length 1, the equal sign and trailing NUL this hence leaves - * ARG_MAX-3 as longest possible variable value. */ + /* POSIX says the overall size of the environment block cannot be > ARG_MAX, an individual assignment + * hence cannot be either. Discounting the shortest possible variable name of length 1, the equal + * sign and trailing NUL this hence leaves ARG_MAX-3 as longest possible variable value. */ if (strlen(e) > sc_arg_max() - 3) return false; @@ -86,10 +83,8 @@ bool env_assignment_is_valid(const char *e) { if (!env_value_is_valid(eq + 1)) return false; - /* POSIX says the overall size of the environment block cannot - * be > ARG_MAX, hence the individual variable assignments - * cannot be either, but let's leave room for one trailing NUL - * byte. */ + /* POSIX says the overall size of the environment block cannot be > ARG_MAX, hence the individual + * variable assignments cannot be either, but let's leave room for one trailing NUL byte. */ if (strlen(e) > sc_arg_max() - 1) return false; |