[issue1341] printenv(1): don't allow '=' in name
Stathis Kamperis (via DragonFly issue tracker)
sinknull at crater.dragonflybsd.org
Mon Apr 20 09:49:31 PDT 2009
Stathis Kamperis <ekamperi at gmail.com> added the comment:
: If the environment variable isn't supposed to exist then it won't find it.
: If the environment variable does exist it is not printenv's job to check
: whether it is legal or not.
True, but printenv isn't very good at deciding if a variable exists in an
environment or not, in case the name contains an '='.
Here is an example. Let's say that there is a variable named "foo" that equals
"bar=123" and we ask from printenv to print the variable "foo=bar" (which
obviously doesn't exist). Here is what happens:
For every "name=value" pair inside the environment, printenv invokes a memcmp
between the currently examined variable and the target, of at most `len' bytes.
Where `len' is the length of the target. So, memcmp("foo=bar", "foo=bar=123", 7)
actually returns a match, although "foo=bar" doesn't correspond to a real variable.
I hope I didn't confuse things more.
DragonFly issue tracker <bugs at lists.dragonflybsd.org>
More information about the Bugs