From d469368b9e14b9834017a7cf318f02950a4aadcb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?John=20H=C3=B6gberg?= Date: Fri, 1 Dec 2017 12:22:53 +0100 Subject: Disallow NULs in filename-encoded strings Previously we accepted trailing NULs, which was backwards compatible as such usage never resulted in misbehavior in the first place. The downside is that it prevented erts_native_filename_need from returning an accurate number of *actual characters*, needlessly complicating encoding-agnostic code like erts_osenv.
---
 erts/emulator/beam/erl_unicode.c | 14 ++------------
 lib/kernel/doc/src/file.xml | 7 -------
 lib/kernel/doc/src/os.xml | 19 ++-----------------
 3 files changed, 4 insertions(+), 36 deletions(-)
diff --git a/erts/emulator/beam/erl_unicode.c b/erts/emulator/beam/erl_unicode.c
index bd5439ba24..e5c7a9502b 100644
--- a/erts/emulator/beam/erl_unicode.c
+++ b/erts/emulator/beam/erl_unicode.c
@@ -2146,7 +2146,6 @@ Sint erts_native_filename_need(Eterm ioterm, int encoding)
 Eterm obj;
 DECLARE_ESTACK(stack);
 Sint need = 0;
- int seen_null = 0;
 if (is_atom(ioterm)) {
 Atom* ap;
@@ -2191,9 +2190,7 @@ Sint erts_native_filename_need(Eterm ioterm, int encoding)
 byte *name = ap->name;
 int len = ap->len;
 for (i = 0; i < len; i++) {
- if (name[i] == 0)
- seen_null = 1;
- else if (seen_null) {
+ if (name[i] == 0) {
 need = -1;
 break;
 }
@@ -2233,9 +2230,7 @@ L_Again: /* Restart with sublist, old listend was pushed on stack */
 * Do not allow null in
 * the middle of filenames
 */
- if (x == 0)
- seen_null = 1;
- else if (seen_null) {
+ if (x == 0) {
 DESTROY_ESTACK(stack);
 return ((Sint) -1);
 }
@@ -2568,7 +2563,6 @@ BIF_RETTYPE prim_file_internal_name2native_1(BIF_ALIST_1)
 BIF_ERROR(BIF_P,BADARG);
 }
 if (is_binary(BIF_ARG_1)) {
- int seen_null = 0;
 byte *temp_alloc = NULL;
 byte *bytes;
 byte *err_pos;
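Review bot: The context comment in the list branch of erts_native_filename_need (the hunk after `L_Again:`) still says "Do not allow null in the middle of filenames", but the new `if (x == 0)` returns -1 for a NUL at any position, trailing ones included. The same outdated wording is kept as `/* Don't allow null in the middle of filenames... */` above both checks in prim_file_internal_name2native_1 (the hunks at -2585 and -2605). Rewording all three to something like `/* Reject NUL anywhere in a filename, including at the end */` keeps a later reader from restoring the trailing-NUL exception, which matters because a NUL is commonly taken as the end of the string once the name leaves the emulator. The enclosing loop starts and ends outside the hunk.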
@@ -2585,8 +2579,6 @@ BIF_RETTYPE prim_file_internal_name2native_1(BIF_ALIST_1)
 for (i = 0; i < size; i++) {
 /* Don't allow null in the middle of filenames... */
 if (bytes[i] == 0)
- seen_null = 1;
- else if (seen_null)
 goto bin_name_error;
 bin_p[i] = bytes[i];
 }
@@ -2605,8 +2597,6 @@ BIF_RETTYPE prim_file_internal_name2native_1(BIF_ALIST_1)
 while (size--) {
 /* Don't allow null in the middle of filenames... */
 if (*bytes == 0)
- seen_null = 1;
- else if (seen_null)
 goto bin_name_error;
 *bin_p++ = *bytes++;
 *bin_p++ = 0;
diff --git a/lib/kernel/doc/src/file.xml b/lib/kernel/doc/src/file.xml
index 58abb35428..8477b0e148 100644
--- a/lib/kernel/doc/src/file.xml
+++ b/lib/kernel/doc/src/file.xml
@@ -93,13 +93,6 @@ are now rejected and will cause primitive file operations fail.
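Review bot: After this change the NUL check in the byte-copy loop of prim_file_internal_name2native_1 is an unbraced `if (bytes[i] == 0)` whose only statement is `goto bin_name_error;`, directly followed by the copy `bin_p[i] = bytes[i];`; the wide-character loop in the next hunk has the same shape with `*bytes == 0`. In the lines visible here this guard is the only thing that keeps a NUL out of the native name, so I would brace it: `if (bytes[i] == 0) { goto bin_name_error; }`. Separately, the diffstat lists only erl_unicode.c and two documentation files, so unless a test lands in another commit, a case that passes a name ending in NUL and expects the error would pin the new behaviour. The `bin_name_error` label and the buffer setup for both loops are outside the hunk.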

-

- Currently null characters at the end of the filename
- will be accepted by primitive file operations. Such
- filenames are however still documented as invalid. The
- implementation will also change in the future and
- reject such filenames.
-

diff --git a/lib/kernel/doc/src/os.xml b/lib/kernel/doc/src/os.xml
index 0a08e2c78a..c27182ff0b 100644
--- a/lib/kernel/doc/src/os.xml
+++ b/lib/kernel/doc/src/os.xml
@@ -58,17 +58,6 @@ operations to fail.

- -

- Currently null characters at the end of filenames,
- environment variable names and values will be accepted
- by the primitive operations. Such filenames, environment
- variable names and values are however still documented as
- invalid. The implementation will also change in the
- future and reject such filenames, environment variable
- names and values.
-

-
@@ -143,12 +132,8 @@

Previous implementation used to allow all characters as long as they were integer values greater than or equal to zero. This sometimes lead to unwanted results since null characters
- (integer value zero) often are interpreted as string termination.
- Current implementation still accepts null characters at the end
- of Command even though the documentation
- states that no null characters are allowed. This will however
- be changed in the future so that no null characters at all will
- be accepted.

+ (integer value zero) often are interpreted as string termination. The
+ current implementation rejects these.

Examples:

LsOut = os:cmd("ls"), % on unix platform -- cgit v1.2.3