[2.7] bpo-30746: Prohibited the '=' character in environment variable names (GH-2382) (#2393)
in `os.putenv()` and `os.spawn*()`..
(cherry picked from commit 77703942c5997dff00c48f10df1b29b11645624c)
diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c
index ffeb715..a06c56e 100644
--- a/Modules/posixmodule.c
+++ b/Modules/posixmodule.c
@@ -3556,6 +3556,12 @@
{
goto fail_2;
}
+ /* Search from index 1 because on Windows starting '=' is allowed for
+ defining hidden environment variables. */
+ if (*k == '\0' || strchr(k + 1, '=') != NULL) {
+ PyErr_SetString(PyExc_ValueError, "illegal environment variable name");
+ goto fail_2;
+ }
len = PyString_Size(key) + PyString_Size(val) + 2;
p = PyMem_NEW(char, len);
if (p == NULL) {
@@ -3789,6 +3795,12 @@
{
goto fail_2;
}
+ /* Search from index 1 because on Windows starting '=' is allowed for
+ defining hidden environment variables. */
+ if (*k == '\0' || strchr(k + 1, '=') != NULL) {
+ PyErr_SetString(PyExc_ValueError, "illegal environment variable name");
+ goto fail_2;
+ }
len = PyString_Size(key) + PyString_Size(val) + 2;
p = PyMem_NEW(char, len);
if (p == NULL) {
@@ -7185,6 +7197,13 @@
} else {
#endif
+ /* Search from index 1 because on Windows starting '=' is allowed for
+ defining hidden environment variables. */
+ if (*s1 == '\0' || strchr(s1 + 1, '=') != NULL) {
+ PyErr_SetString(PyExc_ValueError, "illegal environment variable name");
+ return NULL;
+ }
+
/* XXX This can leak memory -- not easy to fix :-( */
len = strlen(s1) + strlen(s2) + 2;
#ifdef MS_WINDOWS