Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

src: fix empty-named env var assertion failure #32921

Closed
wants to merge 5 commits into from
Closed

src: fix empty-named env var assertion failure #32921

wants to merge 5 commits into from

Conversation

bl-ue
Copy link
Contributor

@bl-ue bl-ue commented Apr 18, 2020

Setting an environment variable with an empty name on Windows resulted in an assertion failure, because it was checked for an '=' sign at the beginning without verifying the length was greater than 0.

Fixes: #32920
Refs: #27310

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • commit message follows commit guidelines

@nodejs-github-bot nodejs-github-bot added the c++ Issues and PRs that require attention from people who are familiar with C++. label Apr 18, 2020
src/node_env_var.cc Outdated Show resolved Hide resolved
Setting an environment variable with an empty name on Windows resulted
in an assertion failure, because it was checked for an '=' sign at the
beginning without verifying the length was greater than 0.

Fixes: #32920
Refs: #27310
Setting environment variables on Windows was causing an abort because
the assertion did not account for the null-terminator at the end of the
buffer.
Copy link
Member

@bnoordhuis bnoordhuis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks, but I'd like @addaleax to take a look as well.

@nodejs-github-bot
Copy link
Collaborator

@addaleax
Copy link
Member

addaleax commented Apr 20, 2020

Yeah, I would strongly prefer the original variant of this PR (i.e. 15a7f4c and
1017806 only):

  • Checking whether i < length when accessing an array at index i is a standard thing to do
  • The zero-termination happens for the string utility subclasses of MaybeStackBuffer (i.e. Utf8Value, TwoByteValue, BufferValue), but not for the class itself, so adding CHECK_LT(index, length() + 1); to MaybeStackBuffer is definitely incorrect.

You could compare this to std::string::at()std::string also zero-terminates so that using str.c_str() works, but str.at(str.size()) still fails with an OOB exception (as it should).

@bl-ue
Copy link
Contributor Author

bl-ue commented Apr 20, 2020

@addaleax Okay. I've reverted the changes.

@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot
Copy link
Collaborator

@addaleax addaleax added author ready PRs that have at least one approval, no pending requests for changes, and a CI started. lts-watch-v10.x labels Apr 25, 2020
Copy link
Member

@juanarbol juanarbol left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@addaleax addaleax removed the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Apr 26, 2020
@addaleax
Copy link
Member

@bl-ue Looks like tools/test.py --worker parallel/test-process-env fails because the env implementation for Worker threads does allow using the empty string as a key, unlike the “real” environment. I think this fix should work:

diff --git a/src/node_env_var.cc b/src/node_env_var.cc
index 22b25e9efff6..8eaf79538a26 100644
--- a/src/node_env_var.cc
+++ b/src/node_env_var.cc
@@ -227,7 +227,7 @@ void MapKVStore::Set(Isolate* isolate, Local<String> key, Local<String> value) {
   Mutex::ScopedLock lock(mutex_);
   Utf8Value key_str(isolate, key);
   Utf8Value value_str(isolate, value);
-  if (*key_str != nullptr && *value_str != nullptr) {
+  if (*key_str != nullptr && key_str.length() > 0 && *value_str != nullptr) {
     map_[std::string(*key_str, key_str.length())] =
         std::string(*value_str, value_str.length());
   }

(I can push that change too, if you like, but it’s your PR after all.)

@addaleax addaleax added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Apr 26, 2020
@nodejs-github-bot
Copy link
Collaborator

@bl-ue
Copy link
Contributor Author

bl-ue commented Apr 26, 2020

@addaleax Okay, I fixed that.

@bl-ue bl-ue requested a review from addaleax April 27, 2020 02:21
@BethGriggs BethGriggs mentioned this pull request Apr 27, 2020
BridgeAR pushed a commit that referenced this pull request Apr 28, 2020
PR-URL: #32921
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: David Carlier <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Franziska Hinkelmann <[email protected]>
Reviewed-By: Zeyu Yang <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Juan José Arboleda <[email protected]>
BridgeAR pushed a commit that referenced this pull request Apr 28, 2020
Setting an environment variable with an empty name on Windows resulted
in an assertion failure, because it was checked for an '=' sign at the
beginning without verifying the length was greater than 0.

Fixes: #32920
Refs: #27310

PR-URL: #32921
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: David Carlier <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Franziska Hinkelmann <[email protected]>
Reviewed-By: Zeyu Yang <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Juan José Arboleda <[email protected]>
BridgeAR pushed a commit that referenced this pull request Apr 28, 2020
PR-URL: #32921
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: David Carlier <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Franziska Hinkelmann <[email protected]>
Reviewed-By: Zeyu Yang <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Juan José Arboleda <[email protected]>
BridgeAR pushed a commit that referenced this pull request Apr 28, 2020
PR-URL: #32921
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: David Carlier <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Franziska Hinkelmann <[email protected]>
Reviewed-By: Zeyu Yang <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Juan José Arboleda <[email protected]>
BridgeAR pushed a commit that referenced this pull request Apr 28, 2020
Setting an environment variable with an empty name on Windows resulted
in an assertion failure, because it was checked for an '=' sign at the
beginning without verifying the length was greater than 0.

Fixes: #32920
Refs: #27310

PR-URL: #32921
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: David Carlier <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Franziska Hinkelmann <[email protected]>
Reviewed-By: Zeyu Yang <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Juan José Arboleda <[email protected]>
BridgeAR pushed a commit that referenced this pull request Apr 28, 2020
PR-URL: #32921
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: David Carlier <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Franziska Hinkelmann <[email protected]>
Reviewed-By: Zeyu Yang <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Juan José Arboleda <[email protected]>
@BridgeAR BridgeAR mentioned this pull request Apr 28, 2020
BethGriggs pushed a commit that referenced this pull request Apr 28, 2020
PR-URL: #32921
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: David Carlier <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Franziska Hinkelmann <[email protected]>
Reviewed-By: Zeyu Yang <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Juan José Arboleda <[email protected]>
BethGriggs pushed a commit that referenced this pull request Apr 28, 2020
Setting an environment variable with an empty name on Windows resulted
in an assertion failure, because it was checked for an '=' sign at the
beginning without verifying the length was greater than 0.

Fixes: #32920
Refs: #27310

PR-URL: #32921
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: David Carlier <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Franziska Hinkelmann <[email protected]>
Reviewed-By: Zeyu Yang <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Juan José Arboleda <[email protected]>
BethGriggs pushed a commit that referenced this pull request Apr 28, 2020
PR-URL: #32921
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: David Carlier <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Franziska Hinkelmann <[email protected]>
Reviewed-By: Zeyu Yang <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Juan José Arboleda <[email protected]>
BethGriggs pushed a commit that referenced this pull request Apr 28, 2020
PR-URL: #32921
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: David Carlier <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Franziska Hinkelmann <[email protected]>
Reviewed-By: Zeyu Yang <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Juan José Arboleda <[email protected]>
BethGriggs pushed a commit that referenced this pull request Apr 28, 2020
Setting an environment variable with an empty name on Windows resulted
in an assertion failure, because it was checked for an '=' sign at the
beginning without verifying the length was greater than 0.

Fixes: #32920
Refs: #27310

PR-URL: #32921
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: David Carlier <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Franziska Hinkelmann <[email protected]>
Reviewed-By: Zeyu Yang <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Juan José Arboleda <[email protected]>
BethGriggs pushed a commit that referenced this pull request Apr 28, 2020
PR-URL: #32921
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: David Carlier <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Franziska Hinkelmann <[email protected]>
Reviewed-By: Zeyu Yang <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Juan José Arboleda <[email protected]>
targos pushed a commit that referenced this pull request Apr 30, 2020
PR-URL: #32921
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: David Carlier <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Franziska Hinkelmann <[email protected]>
Reviewed-By: Zeyu Yang <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Juan José Arboleda <[email protected]>
targos pushed a commit that referenced this pull request Apr 30, 2020
Setting an environment variable with an empty name on Windows resulted
in an assertion failure, because it was checked for an '=' sign at the
beginning without verifying the length was greater than 0.

Fixes: #32920
Refs: #27310

PR-URL: #32921
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: David Carlier <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Franziska Hinkelmann <[email protected]>
Reviewed-By: Zeyu Yang <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Juan José Arboleda <[email protected]>
targos pushed a commit that referenced this pull request Apr 30, 2020
PR-URL: #32921
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: David Carlier <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Franziska Hinkelmann <[email protected]>
Reviewed-By: Zeyu Yang <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Juan José Arboleda <[email protected]>
targos pushed a commit that referenced this pull request May 13, 2020
PR-URL: #32921
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: David Carlier <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Franziska Hinkelmann <[email protected]>
Reviewed-By: Zeyu Yang <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Juan José Arboleda <[email protected]>
targos pushed a commit that referenced this pull request May 13, 2020
Setting an environment variable with an empty name on Windows resulted
in an assertion failure, because it was checked for an '=' sign at the
beginning without verifying the length was greater than 0.

Fixes: #32920
Refs: #27310

PR-URL: #32921
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: David Carlier <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Franziska Hinkelmann <[email protected]>
Reviewed-By: Zeyu Yang <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Juan José Arboleda <[email protected]>
targos pushed a commit that referenced this pull request May 13, 2020
PR-URL: #32921
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: David Carlier <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Franziska Hinkelmann <[email protected]>
Reviewed-By: Zeyu Yang <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Juan José Arboleda <[email protected]>
@richardlau
Copy link
Member

richardlau commented Jul 2, 2020

Does not land cleanly on v10.x-staging and will need a manual backport. Looks dependent on #25067.

@bl-ue
Copy link
Contributor Author

bl-ue commented Feb 5, 2021

@richardlau sorry, this is so late, but this issue doesn't even happen on node versions >=12.11.0, so I'm not sure if it needs to be backported...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. c++ Issues and PRs that require attention from people who are familiar with C++.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Setting environment variable with empty name on Windows causes assertion failure
10 participants