diff options
| author | Simon McVittie <smcv@debian.org> | 2016-05-11 09:18:14 +0100 |
|---|---|---|
| committer | Simon McVittie <smcv@debian.org> | 2016-05-11 09:18:14 +0100 |
| commit | 5f6f9a1beab327be2728d44c1996408176f6800e (patch) | |
| tree | 2c9cda07a8776dea92bc12a4b80648132d4b0ae2 /t | |
| parent | 062dbf1373dcf1646ef58400f011dc3b148aa862 (diff) | |
| download | ikiwiki-5f6f9a1beab327be2728d44c1996408176f6800e.tar ikiwiki-5f6f9a1beab327be2728d44c1996408176f6800e.tar.gz | |
Wrapper: allocate new environment dynamically
Otherwise, if third-party plugins extend newenviron by more than
3 entries, we could overflow the array. It seems unlikely that any
third-party plugin manipulates newenviron in practice, so this
is mostly theoretical. Just in case, I have deliberately avoided
using "i" as the variable name, so that any third-party plugin
that was manipulating newenviron directly will now result in the
wrapper failing to compile.
I have not assumed that realloc(NULL, ...) works as an equivalent of
malloc(...), in case there are still operating systems where that
doesn't work.
Diffstat (limited to 't')
| -rwxr-xr-x | t/cvs.t | 2 | ||||
| -rwxr-xr-x | t/wrapper-environ.t | 92 |
2 files changed, 93 insertions, 1 deletions
@@ -708,5 +708,5 @@ sub stripext { } sub _wrapper_paths { - return qq{newenviron[i++]="PERL5LIB=$ENV{PERL5LIB}";}; + return qq{addenv("PERL5LIB", "$ENV{PERL5LIB}");}; } diff --git a/t/wrapper-environ.t b/t/wrapper-environ.t new file mode 100755 index 000000000..ddf5a6e44 --- /dev/null +++ b/t/wrapper-environ.t @@ -0,0 +1,92 @@ +#!/usr/bin/perl +use warnings; +use strict; + +use Test::More; +plan(skip_all => "IPC::Run not available") + unless eval q{ + use IPC::Run qw(run); + 1; + }; + +use IkiWiki; + +use Cwd qw(getcwd); +use Errno qw(ENOENT); + +my $installed = $ENV{INSTALLED_TESTS}; + +my @command; +if ($installed) { + @command = qw(env PERL5LIB=t/tmp ikiwiki); +} +else { + ok(! system("make -s ikiwiki.out")); + @command = qw(env PERL5LIB=t/tmp:blib/lib:blib/arch perl -I. ./ikiwiki.out + --underlaydir=underlays/basewiki + --set underlaydirbase=underlays + --templatedir=templates); +} + +writefile("test.setup", "t/tmp", <<EOF +# IkiWiki::Setup::Yaml - YAML formatted setup file +wikiname: this is the name of my wiki +srcdir: t/tmp/in +destdir: t/tmp/out +url: http://localhost +cgiurl: http://localhost/ikiwiki.cgi +cgi_wrapper: t/tmp/ikiwiki.cgi +cgi_wrappermode: 0754 +add_plugins: +- anonok +- excessiveenvironment +anonok_pagespec: "*" +ENV: { 'PERL5LIB': 't/tmp:blib/lib:blib/arch' } +EOF + ); + +writefile("index.mdwn", "t/tmp/in", ""); + +writefile("IkiWiki/Plugin/excessiveenvironment.pm", "t/tmp", <<'EOF' +#!/usr/bin/perl +package IkiWiki::Plugin::excessiveenvironment; +use warnings; +use strict; +use IkiWiki; + +sub import { + hook(type => "getsetup", id => "excessiveenvironment", call => \&getsetup); + hook(type => "genwrapper", id => "excessiveenvironment", call => \&genwrapper); +} + +sub getsetup { + return plugin => { + safe => 0, + rebuild => undef, + section => "rcs", + }; +} + +sub genwrapper { + my @ret; + foreach my $j (1..4096) { + push @ret, qq{addenv("VAR$j", "val$j");\n}; + } + return join '', @ret; +} + +1; +EOF + ); + +my $stdout; +ok(! system(@command, qw(--setup t/tmp/test.setup --rebuild --wrappers)), "run ikiwiki"); +ok(run(["./t/tmp/ikiwiki.cgi"], '<&-', '>', \$stdout, init => sub { + $ENV{HTTP_HOST} = "localhost"; + $ENV{QUERY_STRING} = "do=prefs"; + $ENV{REQUEST_METHOD} = "GET"; + $ENV{SCRIPT_NAME} = "/cgi-bin/ikiwiki.cgi"; + $ENV{SERVER_PORT} = "80" +}), "run CGI"); + +done_testing(); |