Skip to content

Validate environment variable names in std::process #126391

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

Validate environment variable names in std::process #126391

wants to merge 2 commits into from

Conversation

@tbu-
Copy link
Contributor

@tbu- tbu- commented Jun 13, 2024
edited by cuviper
Loading

Make sure that they're not empty and do not contain = signs beyond the first character. This prevents environment variable injection, because previously, setting the PATH=/opt: variable to foobar would lead to the PATH variable being overridden.

Fixes #122335.
try-job: x86_64-msvc

@rustbot
Copy link
Collaborator

rustbot commented Jun 13, 2024

r? @cuviper

rustbot has assigned @cuviper.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

@rustbot rustbot added O-unix Operating system: Unix-like O-windows Operating system: Windows S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-libs Relevant to the library team, which will review and decide on the PR/issue. labels Jun 13, 2024
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@tbu- tbu- force-pushed the pr_command_env_equals branch from da26852 to a733df6 Compare June 13, 2024 10:22
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@tbu- tbu- mentioned this pull request Jun 13, 2024
Open
@tbu- tbu- force-pushed the pr_command_env_equals branch from a733df6 to 0cabc6f Compare June 13, 2024 10:39
cuviper
cuviper reviewed Jun 20, 2024
View reviewed changes
@tbu- tbu- force-pushed the pr_command_env_equals branch 2 times, most recently from 6f7f6ac to cb33c5e Compare June 20, 2024 19:26
@cuviper
Copy link
Member

cuviper commented Jun 21, 2024

Thanks!

@bors r+ rollup=iffy (because it touches lots of platforms)

@bors
Copy link
Collaborator

bors commented Jun 21, 2024

📌 Commit cb33c5e has been approved by cuviper

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Jun 21, 2024
bors added a commit to rust-lang-ci/rust that referenced this pull request Jun 21, 2024
@bors
Auto merge of rust-lang#126391 - tbu-:pr_command_env_equals, r=cuviper
d8f447d 
Validate environment variable names in `std::process`

Make sure that they're not empty and do not contain `=` signs beyond the first character. This prevents environment variable injection, because previously, setting the `PATH=/opt:` variable to `foobar` would lead to the `PATH` variable being overridden.

Fixes rust-lang#122335.
@bors
Copy link
Collaborator

bors commented Jun 21, 2024

⌛ Testing commit cb33c5e with merge d8f447d...

@rust-log-analyzer

This comment has been minimized.

Sign in to view
@bors
Copy link
Collaborator

bors commented Jun 21, 2024

💔 Test failed - checks-actions

@bors bors added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. and removed S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. labels Jun 21, 2024
@cuviper
Copy link
Member

cuviper commented Jun 21, 2024 

---- process::tests::test_env_leading_equals stdout ----
thread 'process::tests::test_env_leading_equals' panicked at library\std\src\process\tests.rs:404:5:
didn't find =RUN_TEST_LEADING_EQUALS inside of:
[env dump]

@ChrisDenton
Copy link
Member

Oh. on Windows env_cmd() uses set in cmd.exe. Variables starting with = are intentionally hidden from it.

@tbu-
Copy link
Contributor Author

tbu- commented Jun 21, 2024

Oh. on Windows env_cmd() uses set in cmd.exe. Variables starting with = are intentionally hidden from it.

Do you have a suggestion on how I could fix the test?

@ChrisDenton
Copy link
Member

I'm not sure how it can fixed using built-in shell tools as the point is they're not meant to be viewed. It could be done by spawning a rust application that reads the environment but that would probably need to be a ui tests.

@ChrisDenton
Copy link
Member

Oh, one idea I just had is that you can test for the specific variable. E.g. in cmd.exe echo %=RUN_TEST_LEADING_EQUALS% should print the value. Obviously Windows specific though,

@bors
Copy link
Collaborator

bors commented Jun 22, 2024

☔ The latest upstream changes (presumably #124101) made this pull request unmergeable. Please resolve the merge conflicts.

@rustbot rustbot added the S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. label Aug 27, 2024
@tbu- tbu- force-pushed the pr_command_env_equals branch from fc85278 to 870e5bd Compare October 7, 2024 16:03
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@tbu-
Validate environment variable names in std::process
6e57e34 
Make sure that they're not empty and do not contain `=` signs beyond the
first character. This prevents environment variable injection, because
previously, setting the `PATH=/opt:` variable to `foobar` would lead to
the `PATH` variable being overridden.

Fixes rust-lang#122335.
@tbu- tbu- force-pushed the pr_command_env_equals branch from 870e5bd to 6e57e34 Compare October 7, 2024 17:16
@tbu-
Copy link
Contributor Author

tbu- commented Oct 7, 2024

@rustbot ready

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. and removed S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. labels Oct 7, 2024
@cuviper
Copy link
Member

cuviper commented Oct 11, 2024

@bors r+

@bors
Copy link
Collaborator

bors commented Oct 11, 2024

📌 Commit 6e57e34 has been approved by cuviper

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Oct 11, 2024
@bors
Copy link
Collaborator

bors commented Oct 13, 2024

⌛ Testing commit 6e57e34 with merge d2c4535...

bors added a commit to rust-lang-ci/rust that referenced this pull request Oct 13, 2024
@bors
Auto merge of rust-lang#126391 - tbu-:pr_command_env_equals, r=cuviper
d2c4535 
Validate environment variable names in `std::process`

Make sure that they're not empty and do not contain `=` signs beyond the first character. This prevents environment variable injection, because previously, setting the `PATH=/opt:` variable to `foobar` would lead to the `PATH` variable being overridden.

Fixes rust-lang#122335.
try-job: x86_64-msvc
@rust-log-analyzer
Copy link
Collaborator

The job dist-x86_64-msvc failed! Check out the build log: (web) (plain)

Click to see the possible cause of the failure (guessed by this bot) 
[2024-10-13T07:27:04Z DEBUG collector::compile::benchmark] Benchmark iteration 1/1
[2024-10-13T07:27:04Z INFO  collector::compile::execute] run_rustc with incremental=false, profile=Debug, scenario=Some(Full), patch=None, backend=Llvm, phase=benchmark
[2024-10-13T07:27:04Z DEBUG collector::compile::execute] "\\\\?\\C:\\a\\rust\\rust\\build\\x86_64-pc-windows-msvc\\stage0\\bin\\cargo.exe" "rustc" "--manifest-path" "Cargo.toml" "-p" "path+file:///C:/a/_temp/msys64/tmp/.tmpanHDZG#diesel@1.4.8" "--" "--wrap-rustc-with" "Eprintln"
[2024-10-13T07:27:12Z INFO  collector::compile::execute] run_rustc with incremental=true, profile=Debug, scenario=Some(IncrFull), patch=None, backend=Llvm, phase=benchmark
[2024-10-13T07:27:12Z DEBUG collector::compile::execute] "\\\\?\\C:\\a\\rust\\rust\\build\\x86_64-pc-windows-msvc\\stage0\\bin\\cargo.exe" "rustc" "--manifest-path" "Cargo.toml" "-p" "path+file:///C:/a/_temp/msys64/tmp/.tmpanHDZG#diesel@1.4.8" "--" "--wrap-rustc-with" "Eprintln" "-C" "incremental=C:\\a\\_temp\\msys64\\tmp\\.tmpanHDZG\\incremental-state"
[2024-10-13T07:27:20Z INFO  collector::compile::execute] run_rustc with incremental=true, profile=Debug, scenario=Some(IncrUnchanged), patch=None, backend=Llvm, phase=benchmark
[2024-10-13T07:27:20Z DEBUG collector::compile::execute] "\\\\?\\C:\\a\\rust\\rust\\build\\x86_64-pc-windows-msvc\\stage0\\bin\\cargo.exe" "rustc" "--manifest-path" "Cargo.toml" "-p" "path+file:///C:/a/_temp/msys64/tmp/.tmpanHDZG#diesel@1.4.8" "--" "--wrap-rustc-with" "Eprintln" "-C" "incremental=C:\\a\\_temp\\msys64\\tmp\\.tmpanHDZG\\incremental-state"
[2024-10-13T07:27:23Z DEBUG collector::compile::benchmark::patch] applying println to "C:\\a\\_temp\\msys64\\tmp\\.tmpanHDZG"
[2024-10-13T07:27:23Z INFO  collector::compile::execute] run_rustc with incremental=true, profile=Debug, scenario=Some(IncrPatched), patch=Some(Patch { index: 0, name: PatchName("println"), path: "0-println.patch" }), backend=Llvm, phase=benchmark
[2024-10-13T07:27:23Z INFO  collector::compile::execute] run_rustc with incremental=true, profile=Debug, scenario=Some(IncrPatched), patch=Some(Patch { index: 0, name: PatchName("println"), path: "0-println.patch" }), backend=Llvm, phase=benchmark
[2024-10-13T07:27:23Z DEBUG collector::compile::execute] "\\\\?\\C:\\a\\rust\\rust\\build\\x86_64-pc-windows-msvc\\stage0\\bin\\cargo.exe" "rustc" "--manifest-path" "Cargo.toml" "-p" "path+file:///C:/a/_temp/msys64/tmp/.tmpanHDZG#diesel@1.4.8" "--" "--wrap-rustc-with" "Eprintln" "-C" "incremental=C:\\a\\_temp\\msys64\\tmp\\.tmpanHDZG\\incremental-state"
[2024-10-13T07:27:25Z DEBUG collector::compile::benchmark] Benchmark iteration 1/1
[2024-10-13T07:27:26Z INFO  collector::compile::execute] run_rustc with incremental=false, profile=Opt, scenario=Some(Full), patch=None, backend=Llvm, phase=benchmark
[2024-10-13T07:27:26Z DEBUG collector::compile::execute] "\\\\?\\C:\\a\\rust\\rust\\build\\x86_64-pc-windows-msvc\\stage0\\bin\\cargo.exe" "rustc" "--manifest-path" "Cargo.toml" "-p" "path+file:///C:/a/_temp/msys64/tmp/.tmp7duH7u#diesel@1.4.8" "--release" "--" "--wrap-rustc-with" "Eprintln"
[2024-10-13T07:27:34Z INFO  collector::compile::execute] run_rustc with incremental=true, profile=Opt, scenario=Some(IncrFull), patch=None, backend=Llvm, phase=benchmark
---
[2024-10-13T07:27:53Z DEBUG collector::compile::benchmark] Benchmark iteration 1/1
[2024-10-13T07:27:53Z INFO  collector::compile::execute] run_rustc with incremental=false, profile=Check, scenario=Some(Full), patch=None, backend=Llvm, phase=benchmark
[2024-10-13T07:27:53Z DEBUG collector::compile::execute] "\\\\?\\C:\\a\\rust\\rust\\build\\x86_64-pc-windows-msvc\\stage0\\bin\\cargo.exe" "rustc" "--manifest-path" "Cargo.toml" "-p" "path+file:///C:/a/_temp/msys64/tmp/.tmpjZQTxU#match-stress@0.1.0" "--profile" "check" "--" "--wrap-rustc-with" "Eprintln"
[2024-10-13T07:27:55Z INFO  collector::compile::execute] run_rustc with incremental=true, profile=Check, scenario=Some(IncrFull), patch=None, backend=Llvm, phase=benchmark
[2024-10-13T07:27:55Z DEBUG collector::compile::execute] "\\\\?\\C:\\a\\rust\\rust\\build\\x86_64-pc-windows-msvc\\stage0\\bin\\cargo.exe" "rustc" "--manifest-path" "Cargo.toml" "-p" "path+file:///C:/a/_temp/msys64/tmp/.tmpjZQTxU#match-stress@0.1.0" "--profile" "check" "--" "--wrap-rustc-with" "Eprintln" "-C" "incremental=C:\\a\\_temp\\msys64\\tmp\\.tmpjZQTxU\\incremental-state"
[2024-10-13T07:27:56Z INFO  collector::compile::execute] run_rustc with incremental=true, profile=Check, scenario=Some(IncrUnchanged), patch=None, backend=Llvm, phase=benchmark
[2024-10-13T07:27:56Z DEBUG collector::compile::execute] "\\\\?\\C:\\a\\rust\\rust\\build\\x86_64-pc-windows-msvc\\stage0\\bin\\cargo.exe" "rustc" "--manifest-path" "Cargo.toml" "-p" "path+file:///C:/a/_temp/msys64/tmp/.tmpjZQTxU#match-stress@0.1.0" "--profile" "check" "--" "--wrap-rustc-with" "Eprintln" "-C" "incremental=C:\\a\\_temp\\msys64\\tmp\\.tmpjZQTxU\\incremental-state"
[2024-10-13T07:27:57Z DEBUG collector::compile::benchmark] Benchmark iteration 1/1
[2024-10-13T07:27:57Z INFO  collector::compile::execute] run_rustc with incremental=false, profile=Debug, scenario=Some(Full), patch=None, backend=Llvm, phase=benchmark
[2024-10-13T07:27:57Z DEBUG collector::compile::execute] "\\\\?\\C:\\a\\rust\\rust\\build\\x86_64-pc-windows-msvc\\stage0\\bin\\cargo.exe" "rustc" "--manifest-path" "Cargo.toml" "-p" "path+file:///C:/a/_temp/msys64/tmp/.tmpP6rNL8#match-stress@0.1.0" "--" "--wrap-rustc-with" "Eprintln"
[2024-10-13T07:27:59Z INFO  collector::compile::execute] run_rustc with incremental=true, profile=Debug, scenario=Some(IncrFull), patch=None, backend=Llvm, phase=benchmark
---
   Compiling rustc_driver v0.0.0 (C:\a\rust\rust\compiler\rustc_driver)
[RUSTC-TIMING] rustc_driver test:false 4.546
error: linking with `link.exe` failed: exit code: 1104
  |
  = note: "C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\VC\\Tools\\MSVC\\14.41.34120\\bin\\HostX64\\x64\\link.exe" "/NOLOGO" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\symbols.o" "C:\\a\\rust\\rust\\build\\x86_64-pc-windows-msvc\\stage1-rustc\\x86_64-pc-windows-msvc\\release\\deps\\rustc_main-7d6355a9a4522913.rustc_main.775a035941d67e51-cgu.0.rcgu.o" "C:\\a\\rust\\rust\\build\\x86_64-pc-windows-msvc\\stage1-rustc\\x86_64-pc-windows-msvc\\release\\deps\\rustc_driver-d94da7aacb122aa6.dll.lib" "C:\\a\\rust\\rust\\build\\x86_64-pc-windows-msvc\\stage1\\lib\\rustlib\\x86_64-pc-windows-msvc\\lib\\libcompiler_builtins-762223ebea393cfe.rlib" "psapi.lib" "shell32.lib" "ole32.lib" "uuid.lib" "advapi32.lib" "ws2_32.lib" "ntdll.lib" "kernel32.lib" "advapi32.lib" "ole32.lib" "oleaut32.lib" "advapi32.lib" "cfgmgr32.lib" "gdi32.lib" "kernel32.lib" "msimg32.lib" "opengl32.lib" "user32.lib" "winspool.lib" "bcrypt.lib" "advapi32.lib" "legacy_stdio_definitions.lib" "kernel32.lib" "kernel32.lib" "advapi32.lib" "ntdll.lib" "userenv.lib" "ws2_32.lib" "dbghelp.lib" "/defaultlib:libcmt" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\advapi32.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\api-ms-win-core-errorhandling-l1-1-3.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\api-ms-win-core-file-fromapp-l1-1-0.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\api-ms-win-core-handle-l1-1-0.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\api-ms-win-core-ioring-l1-1-0.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\api-ms-win-core-memory-l1-1-3.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\api-ms-win-core-memory-l1-1-4.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\api-ms-win-core-memory-l1-1-5.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\api-ms-win-core-memory-l1-1-6.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\api-ms-win-core-memory-l1-1-7.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\api-ms-win-core-memory-l1-1-8.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\api-ms-win-core-synch-l1-2-0.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\api-ms-win-core-sysinfo-l1-2-0.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\api-ms-win-core-sysinfo-l1-2-3.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\api-ms-win-core-sysinfo-l1-2-4.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\api-ms-win-core-sysinfo-l1-2-6.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\api-ms-win-core-util-l1-1-1.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\api-ms-win-core-winrt-error-l1-1-0.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\api-ms-win-core-winrt-l1-1-0.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\api-ms-win-core-wow64-l1-1-1.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\api-ms-win-security-base-l1-2-2.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\avrt.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\bcp47mrm.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\bcryptprimitives.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\clfsw32.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\dbghelp.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\elscore.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\gdi32.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\icu.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\imagehlp.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\kernel32.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\ktmw32.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\netapi32.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\normaliz.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\ntdll.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\ntdllk.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\ole32.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\oleacc.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\oleaut32.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\propsys.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\psapi.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\rtworkq.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\txfw32.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\user32.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\usp10.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\version.dll_imports_indirect.lib" "C:\\a\\_temp\\msys64\\tmp\\rustca6sckC\\wofutil.dll_imports_indirect.lib" "/NXCOMPAT" "/LIBPATH:C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\VC\\Tools\\MSVC\\14.41.34120\\atlmfc\\lib\\x64" "/LIBPATH:C:\\a\\rust\\rust\\build\\x86_64-pc-windows-msvc\\stage1-rustc\\x86_64-pc-windows-msvc\\release\\build\\stacker-1c496942f5526841\\out" "/LIBPATH:C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\VC\\Tools\\MSVC\\14.41.34120\\atlmfc\\lib\\x64" "/LIBPATH:C:\\a\\rust\\rust\\build\\x86_64-pc-windows-msvc\\stage1-rustc\\x86_64-pc-windows-msvc\\release\\build\\psm-b307fe5d9726f8b1\\out" "/LIBPATH:C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\VC\\Tools\\MSVC\\14.41.34120\\atlmfc\\lib\\x64" "/LIBPATH:C:\\a\\rust\\rust\\build\\x86_64-pc-windows-msvc\\stage1-rustc\\x86_64-pc-windows-msvc\\release\\build\\blake3-4a372efeb6f355a1\\out" "/LIBPATH:C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\VC\\Tools\\MSVC\\14.41.34120\\atlmfc\\lib\\x64" "/LIBPATH:C:\\a\\rust\\rust\\build\\x86_64-pc-windows-msvc\\stage1-rustc\\x86_64-pc-windows-msvc\\release\\build\\blake3-4a372efeb6f355a1\\out" "/LIBPATH:C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\VC\\Tools\\MSVC\\14.41.34120\\atlmfc\\lib\\x64" "/LIBPATH:C:\\a\\rust\\rust\\build\\x86_64-pc-windows-msvc\\stage1-rustc\\x86_64-pc-windows-msvc\\release\\build\\rustc_llvm-e2958cd171cbaa3b\\out" "/LIBPATH:C:\\a\\rust\\rust\\build\\x86_64-pc-windows-msvc\\llvm\\lib" "/OUT:C:\\a\\rust\\rust\\build\\x86_64-pc-windows-msvc\\stage1-rustc\\x86_64-pc-windows-msvc\\release\\deps\\rustc_main-7d6355a9a4522913.exe" "/OPT:REF,ICF" "/DEBUG" "/PDBALTPATH:%_PDB%" "/MANIFEST:EMBED" "/MANIFESTINPUT:C:\\a\\rust\\rust\\compiler\\rustc\\Windows Manifest.xml" "/WX"
  = note: LINK : fatal error LNK1104: cannot open file 'C:\a\rust\rust\build\x86_64-pc-windows-msvc\stage1-rustc\x86_64-pc-windows-msvc\release\deps\rustc_main-7d6355a9a4522913.exe'␍

[RUSTC-TIMING] rustc_main test:false 0.636
error: could not compile `rustc-main` (bin "rustc-main") due to 1 previous error
Build completed unsuccessfully in 0:07:48

@bors
Copy link
Collaborator

bors commented Oct 13, 2024

💔 Test failed - checks-actions

@bors bors added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. and removed S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. labels Oct 13, 2024
@bors
Copy link
Collaborator

bors commented Oct 17, 2024

⌛ Testing commit 6e57e34 with merge 6120c2b...

bors added a commit to rust-lang-ci/rust that referenced this pull request Oct 17, 2024
@bors
Auto merge of rust-lang#126391 - tbu-:pr_command_env_equals, r=cuviper
6120c2b 
Validate environment variable names in `std::process`

Make sure that they're not empty and do not contain `=` signs beyond the first character. This prevents environment variable injection, because previously, setting the `PATH=/opt:` variable to `foobar` would lead to the `PATH` variable being overridden.

Fixes rust-lang#122335.
try-job: x86_64-msvc
@rust-log-analyzer
Copy link
Collaborator

The job arm-android failed! Check out the build log: (web) (plain)

Click to see the possible cause of the failure (guessed by this bot)

@bors
Copy link
Collaborator

bors commented Oct 17, 2024

💔 Test failed - checks-actions

@jieyouxu
Copy link
Member 

2024-10-17T11:07:40.2366240Z ---- process::tests::test_env_leading_equals stdout ----
2024-10-17T11:07:40.2367993Z thread 'process::tests::test_env_leading_equals' panicked at std/src/process/tests.rs:410:5:
2024-10-17T11:07:40.2369575Z didn't find =RUN_TEST_LEADING_EQUALS inside of:

@bors r-

@bors bors added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Oct 25, 2024
@tbu-
Copy link
Contributor Author

tbu- commented Dec 21, 2024

I'm a bit at loss why the test fails on Android. We set the environment by replacing the environ pointer and then calling posix_spawn. There's nothing in the way that should validate environment variable strings. I tested on my Android phone that env supports setting and printing environment variables that include equals signs…

@Dylan-DPC
Copy link
Member

@tbu- any updates on the failure? thanks

@alex-semenyuk
Copy link
Member

@tbu-
From wg-triage. Closed this PR due to inactivity. Feel free to reopen or raised new one. Thanks for your efforts.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cuviper cuviper cuviper left review comments

@ChrisDenton ChrisDenton ChrisDenton left review comments

+1 more reviewer

@klensy klensy klensy left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@cuviper cuviper

Labels

O-unix Operating system: Unix-like O-windows Operating system: Windows S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. T-libs Relevant to the library team, which will review and decide on the PR/issue.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Command::env doesn't report an error for keys with = in them

10 participants

@tbu- @rustbot @rust-log-analyzer @cuviper @bors @ChrisDenton @jieyouxu @Dylan-DPC @alex-semenyuk @klensy