aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohn Högberg <[email protected]>2017-12-01 12:22:53 +0100
committerJohn Högberg <[email protected]>2018-01-03 08:14:28 +0100
commitd469368b9e14b9834017a7cf318f02950a4aadcb (patch)
treef2d5c672f0bade06dd82d85481477f17930daa08
parent65df0ce5cec5fdee60c80409f322a58092526537 (diff)
downloadotp-d469368b9e14b9834017a7cf318f02950a4aadcb.tar.gz
otp-d469368b9e14b9834017a7cf318f02950a4aadcb.tar.bz2
otp-d469368b9e14b9834017a7cf318f02950a4aadcb.zip
Disallow NULs in filename-encoded strings
Previously we accepted trailing NULs, which was backwards compatible as such usage never resulted in misbehavior in the first place. The downside is that it prevented erts_native_filename_need from returning an accurate number of *actual characters*, needlessly complicating encoding-agnostic code like erts_osenv.
-rw-r--r--erts/emulator/beam/erl_unicode.c14
-rw-r--r--lib/kernel/doc/src/file.xml7
-rw-r--r--lib/kernel/doc/src/os.xml19
3 files changed, 4 insertions, 36 deletions
diff --git a/erts/emulator/beam/erl_unicode.c b/erts/emulator/beam/erl_unicode.c
index bd5439ba24..e5c7a9502b 100644
--- a/erts/emulator/beam/erl_unicode.c
+++ b/erts/emulator/beam/erl_unicode.c
@@ -2146,7 +2146,6 @@ Sint erts_native_filename_need(Eterm ioterm, int encoding)
Eterm obj;
DECLARE_ESTACK(stack);
Sint need = 0;
- int seen_null = 0;
if (is_atom(ioterm)) {
Atom* ap;
@@ -2191,9 +2190,7 @@ Sint erts_native_filename_need(Eterm ioterm, int encoding)
byte *name = ap->name;
int len = ap->len;
for (i = 0; i < len; i++) {
- if (name[i] == 0)
- seen_null = 1;
- else if (seen_null) {
+ if (name[i] == 0) {
need = -1;
break;
}
@@ -2233,9 +2230,7 @@ L_Again: /* Restart with sublist, old listend was pushed on stack */
* Do not allow null in
* the middle of filenames
*/
- if (x == 0)
- seen_null = 1;
- else if (seen_null) {
+ if (x == 0) {
DESTROY_ESTACK(stack);
return ((Sint) -1);
}
@@ -2568,7 +2563,6 @@ BIF_RETTYPE prim_file_internal_name2native_1(BIF_ALIST_1)
BIF_ERROR(BIF_P,BADARG);
}
if (is_binary(BIF_ARG_1)) {
- int seen_null = 0;
byte *temp_alloc = NULL;
byte *bytes;
byte *err_pos;
@@ -2585,8 +2579,6 @@ BIF_RETTYPE prim_file_internal_name2native_1(BIF_ALIST_1)
for (i = 0; i < size; i++) {
/* Don't allow null in the middle of filenames... */
if (bytes[i] == 0)
- seen_null = 1;
- else if (seen_null)
goto bin_name_error;
bin_p[i] = bytes[i];
}
@@ -2605,8 +2597,6 @@ BIF_RETTYPE prim_file_internal_name2native_1(BIF_ALIST_1)
while (size--) {
/* Don't allow null in the middle of filenames... */
if (*bytes == 0)
- seen_null = 1;
- else if (seen_null)
goto bin_name_error;
*bin_p++ = *bytes++;
*bin_p++ = 0;
diff --git a/lib/kernel/doc/src/file.xml b/lib/kernel/doc/src/file.xml
index 58abb35428..8477b0e148 100644
--- a/lib/kernel/doc/src/file.xml
+++ b/lib/kernel/doc/src/file.xml
@@ -93,13 +93,6 @@
are now <em>rejected</em> and will cause primitive
file operations fail.
</p></note>
- <warning><p>
- Currently null characters at the end of the filename
- will be accepted by primitive file operations. Such
- filenames are however still documented as invalid. The
- implementation will also change in the future and
- reject such filenames.
- </p></warning>
</description>
diff --git a/lib/kernel/doc/src/os.xml b/lib/kernel/doc/src/os.xml
index 0a08e2c78a..c27182ff0b 100644
--- a/lib/kernel/doc/src/os.xml
+++ b/lib/kernel/doc/src/os.xml
@@ -58,17 +58,6 @@
operations to fail.
</p>
</note>
- <warning>
- <p>
- Currently null characters at the end of filenames,
- environment variable names and values will be accepted
- by the primitive operations. Such filenames, environment
- variable names and values are however still documented as
- invalid. The implementation will also change in the
- future and reject such filenames, environment variable
- names and values.
- </p>
- </warning>
</description>
<datatypes>
@@ -143,12 +132,8 @@
<warning><p>Previous implementation used to allow all characters
as long as they were integer values greater than or equal to zero.
This sometimes lead to unwanted results since null characters
- (integer value zero) often are interpreted as string termination.
- Current implementation still accepts null characters at the end
- of <c><anno>Command</anno></c> even though the documentation
- states that no null characters are allowed. This will however
- be changed in the future so that no null characters at all will
- be accepted.</p></warning>
+ (integer value zero) often are interpreted as string termination. The
+ current implementation rejects these.</p></warning>
<p><em>Examples:</em></p>
<code type="none">
LsOut = os:cmd("ls"), % on unix platform