From: Hans Ulrich Niedermann Date: Wed, 21 Oct 2020 20:40:18 +0000 (+0200) Subject: test-env-util: Verify that \r is disallowed in env var values X-Git-Tag: v247-rc1~20 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e1e8c60af73fa2c61539c9e201a1db623be55b69;p=thirdparty%2Fsystemd.git test-env-util: Verify that \r is disallowed in env var values This adds tests to make sure that basic/env-util considers environment variables containing \r characters invalid, and that it removes such variables during environment cleanup in strv_env_clean*(). test-env-util has not verified this behaviour before. As \r characters can be used to hide information, disallowing them helps with systemd's security barrier role, even when the \r character comes as part of a DOS style (\r\n) line ending. Prompted-by: https://github.com/systemd/systemd/issues/17378 --- diff --git a/src/test/test-env-util.c b/src/test/test-env-util.c index b0af660e3ba..4fede158cd0 100644 --- a/src/test/test-env-util.c +++ b/src/test/test-env-util.c @@ -264,6 +264,7 @@ static void test_env_clean(void) { "xyz=xyz\n", "another=one", "another=final one", + "CRLF=\r\n", "BASH_FUNC_foo%%=() { echo foo\n}"); assert_se(e); assert_se(!strv_env_is_valid(e)); @@ -306,6 +307,8 @@ static void test_env_value_is_valid(void) { assert_se(env_value_is_valid("printf \"\\x1b]0;\\x07\"")); assert_se(env_value_is_valid("tab\tcharacter")); assert_se(env_value_is_valid("new\nline")); + assert_se(!env_value_is_valid("Show this?\rNope. Show that!")); + assert_se(!env_value_is_valid("new DOS\r\nline")); } static void test_env_assignment_is_valid(void) {