[issue1341] printenv(1): don't allow '=' in name

Stathis Kamperis (via DragonFly issue tracker) sinknull at crater.dragonflybsd.org
Mon Apr 20 09:49:31 PDT 2009


Stathis Kamperis <ekamperi at gmail.com> added the comment:

: If the environment variable isn't supposed to exist then it won't find it.
: If the environment variable does exist it is not printenv's job to check
: whether it is legal or not.

True, but printenv isn't very good at deciding if a variable exists in an
environment or not, in case the name contains an '='.

Here is an example. Let's say that there is a variable named "foo" that equals
"bar=123" and we ask from printenv to print the variable "foo=bar" (which
obviously doesn't exist). Here is what happens: 

For every "name=value" pair inside the environment, printenv invokes a memcmp
between the currently examined variable and the target, of at most `len' bytes.
Where `len' is the length of the target. So, memcmp("foo=bar", "foo=bar=123", 7)
actually returns a match, although "foo=bar" doesn't correspond to a real variable.

I hope I didn't confuse things more.

Cheers,
Stathis

_____________________________________________________
DragonFly issue tracker <bugs at lists.dragonflybsd.org>
<http://bugs.dragonflybsd.org/issue1341>
_____________________________________________________





More information about the Bugs mailing list