diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2017-02-17 22:56:28 -0500 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2017-02-20 23:32:53 -0500 |
| commit | 184d19047370652184a44686cf85bf5001bdf413 (patch) | |
| tree | ff4fe4f6a27cad87cb9da6e11b507a17e4e2daf8 /src/basic/fileio.c | |
| parent | ccad1fd07ce4eb40a2fcf81cfb55d9b41fdcac48 (diff) | |
Tighten checking for variable validity
In the future we might want to allow additional syntax (for example
"unset VAR". But let's check that the data we're getting does not contain
anything unexpected.
Diffstat (limited to 'src/basic/fileio.c')
| -rw-r--r-- | src/basic/fileio.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/basic/fileio.c b/src/basic/fileio.c index 3c2dab1855..8185f67e00 100644 --- a/src/basic/fileio.c +++ b/src/basic/fileio.c @@ -773,6 +773,16 @@ static int merge_env_file_push( assert(env); + if (!value) { + log_error("%s:%u: invalid syntax (around \"%s\"), ignoring.", strna(filename), line, key); + return 0; + } + + if (!env_name_is_valid(key)) { + log_error("%s:%u: invalid variable name \"%s\", ignoring.", strna(filename), line, key); + return 0; + } + expanded_value = replace_env(value, *env, REPLACE_ENV_USE_ENVIRONMENT|REPLACE_ENV_ALLOW_BRACELESS); if (!expanded_value) |