Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

src: make copies of startup environment variables #11051

Closed
wants to merge 1 commit into from

Conversation

bnoordhuis
Copy link
Member

@bnoordhuis bnoordhuis commented Jan 28, 2017

Mutations of the environment can invalidate pointers to environment
variables, so make secure_getenv() copy them out instead of returning
pointers.

cc @sam-github

CI: https://ci.nodejs.org/job/node-test-pull-request/6087/

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. i18n-api Issues and PRs related to the i18n implementation. labels Jan 28, 2017
Copy link
Member

@addaleax addaleax left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with two suggestions

src/node.cc Outdated
@@ -905,12 +905,21 @@ Local<Value> UVException(Isolate* isolate,


// Look up environment variable unless running as setuid root.
inline const char* secure_getenv(const char* key) {
inline bool secure_getenv(const char* key, std::string* text) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We may want to rename this if it no longer matches the secure_getenv(3) signature

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

node::SecureGetEnv()?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you expose it in node_internal.h, I can drop 7c6a26e

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Renamed to SafeGetenv() cuz less chars.

src/node.cc Outdated
{
std::string text;
config_preserve_symlinks =
secure_getenv("NODE_PRESERVE_SYMLINKS", &text) && *text.c_str() == '1';
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: text[0] == '1'

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(text.length() == 1 && text[0] == '1')? Right now, it appears a value of ``10or100` would also be accepted, in violation of the docs. Though maybe that's a bug for another PR?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll update to text[0] == '1'. I wrote it like this to keep it as close as possible to the logic it replaces.

Though maybe that's a bug for another PR?

Yes, I would say so. FWIW, it doesn't bother me personally.

Copy link
Contributor

@sam-github sam-github left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is reasonable to avoid unintended changes in the env.

src/node.cc Outdated
@@ -905,12 +905,21 @@ Local<Value> UVException(Isolate* isolate,


// Look up environment variable unless running as setuid root.
inline const char* secure_getenv(const char* key) {
inline bool secure_getenv(const char* key, std::string* text) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

node::SecureGetEnv()?

src/node.cc Outdated
{
std::string text;
config_preserve_symlinks =
secure_getenv("NODE_PRESERVE_SYMLINKS", &text) && *text.c_str() == '1';
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(text.length() == 1 && text[0] == '1')? Right now, it appears a value of ``10or100` would also be accepted, in violation of the docs. Though maybe that's a bug for another PR?

src/node.cc Outdated
}
// If the parameter isn't given, use the env variable.
if (icu_data_dir.empty())
secure_getenv("NODE_ICU_DATA", &icu_data_dir);
// Initialize ICU.
// If icu_data_dir is nullptr here, it will load the 'minimal' data.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can no longer be nullptr

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point, updated.

src/node.cc Outdated
@@ -905,12 +905,21 @@ Local<Value> UVException(Isolate* isolate,


// Look up environment variable unless running as setuid root.
inline const char* secure_getenv(const char* key) {
inline bool secure_getenv(const char* key, std::string* text) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you expose it in node_internal.h, I can drop 7c6a26e

@gibfahn
Copy link
Member

gibfahn commented Feb 6, 2017

ping @bnoordhuis

@gibfahn gibfahn mentioned this pull request Feb 6, 2017
4 tasks
Mutations of the environment can invalidate pointers to environment
variables, so make `secure_getenv()` copy them out instead of returning
pointers.
Copy link
Member Author

@bnoordhuis bnoordhuis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

src/node.cc Outdated
@@ -905,12 +905,21 @@ Local<Value> UVException(Isolate* isolate,


// Look up environment variable unless running as setuid root.
inline const char* secure_getenv(const char* key) {
inline bool secure_getenv(const char* key, std::string* text) {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Renamed to SafeGetenv() cuz less chars.

src/node.cc Outdated
{
std::string text;
config_preserve_symlinks =
secure_getenv("NODE_PRESERVE_SYMLINKS", &text) && *text.c_str() == '1';
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll update to text[0] == '1'. I wrote it like this to keep it as close as possible to the logic it replaces.

Though maybe that's a bug for another PR?

Yes, I would say so. FWIW, it doesn't bother me personally.

src/node.cc Outdated
}
// If the parameter isn't given, use the env variable.
if (icu_data_dir.empty())
secure_getenv("NODE_ICU_DATA", &icu_data_dir);
// Initialize ICU.
// If icu_data_dir is nullptr here, it will load the 'minimal' data.
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point, updated.

@bnoordhuis
Copy link
Member Author

If you expose it in node_internal.h, I can drop 7c6a26e

@sam-github I'll let you do that in your PR, it would look incongruous (unnecessary) in this one.

Aside: if the use of std::string bothers anyone, I can replace it with a version that copies out to a plain char array (possibly with some mid-level template magic to infer array bounds - never do any work the compiler can do for you.)

@jasnell
Copy link
Member

jasnell commented Feb 7, 2017

ping @sam-github

@sam-github
Copy link
Contributor

sam-github commented Feb 8, 2017

Landed in a8734af

@sam-github sam-github closed this Feb 8, 2017
sam-github pushed a commit that referenced this pull request Feb 8, 2017
Mutations of the environment can invalidate pointers to environment
variables, so make `secure_getenv()` copy them out instead of returning
pointers.

PR-URL: #11051
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
@bnoordhuis
Copy link
Member Author

Zu schade, the commit log still mentions secure_getenv().

@bnoordhuis bnoordhuis deleted the secure-getenv branch February 8, 2017 14:51
@@ -3741,7 +3750,7 @@ static void ParseArgs(int* argc,
#endif /* HAVE_OPENSSL */
#if defined(NODE_HAVE_I18N_SUPPORT)
} else if (strncmp(arg, "--icu-data-dir=", 15) == 0) {
icu_data_dir = arg + 15;
icu_data_dir.assign(arg, 15);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When converting openssl_config to std::string, I discovered this copies the first 15 chars of arg into target, it needs to be icu_data_dir.assign(arg + 15); or something of the like. @srl295 Since tests pass, this means that this command line option has no test coverage.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ai, obvious bug in retrospect. #11255

@sam-github
Copy link
Contributor

Sorry, @bnoordhuis, I thought it would be helpful to land it since it was approved and had been waiting on me for several days, I won't do that again.

I found a problem while rebasing #11006 onto master, PTAL.

@italoacasas
Copy link
Contributor

This is having conflicts when landing on v7.x-staging, any plan to backport this?

@sam-github
Copy link
Contributor

Yes, I will create a backport branch for #11006, this, and #11255 since they all build on each other.

@sam-github
Copy link
Contributor

@nodejs/ctc we need labels like backport-to-v#.#, IMO. For this PR, I would label it dont-land-on-v7.x to remove it from the branch-diff results for 7.x candidates, but then include the backport-to label to make clear that it is intended to land on 7.x, it just needs to be backported to hop over the semver-major PR that is blocking it (#10116, fwiw).

sam-github pushed a commit to sam-github/node that referenced this pull request Feb 13, 2017
Mutations of the environment can invalidate pointers to environment
variables, so make `secure_getenv()` copy them out instead of returning
pointers.

PR-URL: nodejs#11051
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
sam-github pushed a commit to sam-github/node that referenced this pull request Feb 16, 2017
Mutations of the environment can invalidate pointers to environment
variables, so make `secure_getenv()` copy them out instead of returning
pointers.

PR-URL: nodejs#11051
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
italoacasas pushed a commit that referenced this pull request Feb 16, 2017
Mutations of the environment can invalidate pointers to environment
variables, so make `secure_getenv()` copy them out instead of returning
pointers.

PR-URL: #11051
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Copy link
Member

@srl295 srl295 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM after the fact

italoacasas pushed a commit that referenced this pull request Feb 22, 2017
Mutations of the environment can invalidate pointers to environment
variables, so make `secure_getenv()` copy them out instead of returning
pointers.

PR-URL: #11051
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
krydos pushed a commit to krydos/node that referenced this pull request Feb 25, 2017
Mutations of the environment can invalidate pointers to environment
variables, so make `secure_getenv()` copy them out instead of returning
pointers.

PR-URL: nodejs#11051
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
@jasnell
Copy link
Member

jasnell commented Mar 7, 2017

Needs a backport PR to land on v4 or v6

sam-github pushed a commit to sam-github/node that referenced this pull request Apr 17, 2017
Mutations of the environment can invalidate pointers to environment
variables, so make `secure_getenv()` copy them out instead of returning
pointers.

PR-URL: nodejs#11051
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
MylesBorins pushed a commit that referenced this pull request May 16, 2017
Mutations of the environment can invalidate pointers to environment
variables, so make `secure_getenv()` copy them out instead of returning
pointers.

PR-URL: #11051
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
MylesBorins pushed a commit that referenced this pull request May 18, 2017
Mutations of the environment can invalidate pointers to environment
variables, so make `secure_getenv()` copy them out instead of returning
pointers.

PR-URL: #11051
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
@MylesBorins MylesBorins mentioned this pull request May 23, 2017
andrew749 pushed a commit to michielbaird/node that referenced this pull request Jul 19, 2017
Mutations of the environment can invalidate pointers to environment
variables, so make `secure_getenv()` copy them out instead of returning
pointers.

PR-URL: nodejs/node#11051
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
sam-github added a commit to sam-github/node that referenced this pull request Oct 10, 2017
Mutations of the environment can invalidate pointers to environment
variables, so make `secure_getenv()` copy them out instead of returning
pointers.

This is the part of nodejs#11051 that
applies to
nodejs@03e89b3
sam-github added a commit to sam-github/node that referenced this pull request Oct 11, 2017
Mutations of the environment can invalidate pointers to environment
variables, so make `secure_getenv()` copy them out instead of returning
pointers.

This is the part of nodejs#11051 that
applies to be11fb4.
This part wasn't backported to 6.x when nodejs#11051 was backported
because the semver-minor introduction
of NODE_REDIRECT_WARNINGS hadn't been backported yet. Now that the
env var is backported, this last bit of nodejs#11051 is needed.
MylesBorins pushed a commit that referenced this pull request Oct 16, 2017
Mutations of the environment can invalidate pointers to environment
variables, so make `secure_getenv()` copy them out instead of returning
pointers.

This is the part of #11051 that
applies to be11fb4.
This part wasn't backported to 6.x when #11051 was backported
because the semver-minor introduction
of NODE_REDIRECT_WARNINGS hadn't been backported yet. Now that the
env var is backported, this last bit of #11051 is needed.

PR-URL: #12677
Reviewed-By: Gibson Fahnestock <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
MylesBorins pushed a commit that referenced this pull request Oct 25, 2017
Mutations of the environment can invalidate pointers to environment
variables, so make `secure_getenv()` copy them out instead of returning
pointers.

This is the part of #11051 that
applies to be11fb4.
This part wasn't backported to 6.x when #11051 was backported
because the semver-minor introduction
of NODE_REDIRECT_WARNINGS hadn't been backported yet. Now that the
env var is backported, this last bit of #11051 is needed.

PR-URL: #12677
Reviewed-By: Gibson Fahnestock <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. i18n-api Issues and PRs related to the i18n implementation.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

9 participants