[2.7] bpo-30730: Prevent environment variables injection in subprocess on Windows. (GH-2325) (#2372)
Prevent passing other invalid environment variables and command arguments.
(cherry picked from commit d174d24a5d37d1516b885dc7c82f71ecd5930700)
diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c
index ad50536..ffeb715 100644
--- a/Modules/posixmodule.c
+++ b/Modules/posixmodule.c
@@ -3315,6 +3315,12 @@
{
goto fail_2;
}
+ /* Search from index 1 because on Windows starting '=' is allowed for
+ defining hidden environment variables. */
+ if (*k == '\0' || strchr(k + 1, '=') != NULL) {
+ PyErr_SetString(PyExc_ValueError, "illegal environment variable name");
+ goto fail_2;
+ }
#if defined(PYOS_OS2)
/* Omit Pseudo-Env Vars that Would Confuse Programs if Passed On */
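Review bot: The added check skips index 0 of `k` on every platform, although its comment justifies that only for Windows hidden variables; no platform guard is visible in the hunk, so on other systems a name such as `=X` appears to pass validation and would be handed on with an empty name part. If that leniency is not intended off Windows, the non-Windows case could search from the start, `if (*k == '\0' || strchr(k, '=') != NULL) {` under `#ifndef MS_WINDOWS`; otherwise the comment should say so, e.g. `/* Index 0 is skipped on all platforms; only Windows gives a leading '=' a meaning. */`. The enclosing function starts and ends outside the hunk, so how the name is later joined with its value cannot be confirmed from here.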