From c2d70945dce9cb09d5d7120d6e9ddf7faac8d230 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?John=20H=C3=B6gberg?= <john@erlang.org>
Date: Wed, 22 Nov 2017 13:19:57 +0100
Subject: Replace the libc environment with a thread-safe emulation

putenv(3) and friends aren't thread-safe regardless of how you slice
it; a global lock around all environment operations (like before)
keeps things safe as far as our own operations go, but we have
absolutely no control over what libc or a library dragged in by a
driver/NIF does -- they're free to call getenv(3) or putenv(3)
without honoring our lock.

This commit solves this by setting up an "emulated" environment which
can't be touched without going through our interfaces. Third-party
libraries can still shoot themselves in the foot but benign uses of
os:putenv/2 will no longer risk crashing the emulator.
---
 erts/emulator/beam/erl_bif_os.c | 199 +++++++++++-----------------------------
 1 file changed, 52 insertions(+), 147 deletions(-)

(limited to 'erts/emulator/beam/erl_bif_os.c')

diff --git a/erts/emulator/beam/erl_bif_os.c b/erts/emulator/beam/erl_bif_os.c
index 910325a2f4..ce2b27409b 100644
--- a/erts/emulator/beam/erl_bif_os.c
+++ b/erts/emulator/beam/erl_bif_os.c
@@ -36,8 +36,7 @@
 #include "big.h"
 #include "dist.h"
 #include "erl_version.h"
-
-static int check_env_name(char *name);
+#include "erl_osenv.h"
 
 /*
  * Return the pid for the Erlang process in the host OS.
@@ -67,148 +66,78 @@ BIF_RETTYPE os_getpid_0(BIF_ALIST_0)
      BIF_RET(buf_to_intlist(&hp, pid_string, n, NIL));
 }
 
-BIF_RETTYPE os_getenv_0(BIF_ALIST_0)
+static void os_getenv_foreach(Process *process, Eterm *result, Eterm key, Eterm value)
 {
-    GETENV_STATE state;
-    char *cp;
-    Eterm* hp;
-    Eterm ret;
-    Eterm str;
+    Eterm kvp_term, *hp;
 
-    init_getenv_state(&state);
+    hp = HAlloc(process, 5);
+    kvp_term = TUPLE2(hp, key, value);
+    hp += 3;
 
-    ret = NIL;
-    while ((cp = getenv_string(&state)) != NULL) {
-	str = erts_convert_native_to_filename(BIF_P,(byte *)cp);
-	hp = HAlloc(BIF_P, 2);
-	ret = CONS(hp, str, ret);
-    }
+    (*result) = CONS(hp, kvp_term, (*result));
+}
 
-    fini_getenv_state(&state);
+BIF_RETTYPE os_list_env_vars_0(BIF_ALIST_0)
+{
+    const erts_osenv_t *global_env;
+    Eterm result = NIL;
+
+    global_env = erts_sys_rlock_global_osenv();
+    erts_osenv_foreach_term(global_env, BIF_P, &result, (void*)&os_getenv_foreach);
+    erts_sys_runlock_global_osenv();
 
-    return ret;
+    return result;
 }
 
-#define STATIC_BUF_SIZE 1024
-BIF_RETTYPE os_getenv_1(BIF_ALIST_1)
+BIF_RETTYPE os_get_env_var_1(BIF_ALIST_1)
 {
-    Process* p = BIF_P;
-    Eterm str;
-    Sint len;
-    int res;
-    char *key_str, *val;
-    char buf[STATIC_BUF_SIZE];
-    size_t val_size = sizeof(buf);
-
-    key_str = erts_convert_filename_to_native(BIF_ARG_1,buf,STATIC_BUF_SIZE,
-					      ERTS_ALC_T_TMP,1,0,&len);
-
-    if (!check_env_name(key_str)) {
-        if (key_str && key_str != &buf[0])
-            erts_free(ERTS_ALC_T_TMP, key_str);
-        BIF_ERROR(p, BADARG);
-    }
+    const erts_osenv_t *global_env;
+    Eterm out_term;
+    int error;
 
-    if (key_str != &buf[0])
-	val = &buf[0];
-    else {
-	/* len includes zero byte */
-	val_size -= len;
-	val = &buf[len];
-    }
-    res = erts_sys_getenv(key_str, val, &val_size);
-
-    if (res < 0) {
-    no_var:
-	str = am_false;
-    } else {
-	if (res > 0) {
-	    val = erts_alloc(ERTS_ALC_T_TMP, val_size);
-	    while (1) {
-		res = erts_sys_getenv(key_str, val, &val_size);
-		if (res == 0)
-		    break;
-		else if (res < 0)
-		    goto no_var;
-		else
-		    val = erts_realloc(ERTS_ALC_T_TMP, val, val_size);
-	    }
-	}
-	str = erts_convert_native_to_filename(p,(byte *)val);
-    }
-    if (key_str != &buf[0])
-	erts_free(ERTS_ALC_T_TMP, key_str);
-    if (val < &buf[0] || &buf[sizeof(buf)-1] < val)
-	erts_free(ERTS_ALC_T_TMP, val);
-    BIF_RET(str);
+    global_env = erts_sys_rlock_global_osenv();
+    error = erts_osenv_get_term(global_env, BIF_P, BIF_ARG_1, &out_term);
+    erts_sys_runlock_global_osenv();
+
+    if (error == 0) {
+        return am_false;
+    } else if (error < 0) {
+        BIF_ERROR(BIF_P, BADARG);
+    } 
+
+    return out_term;
 }
 
-BIF_RETTYPE os_putenv_2(BIF_ALIST_2)
+BIF_RETTYPE os_set_env_var_2(BIF_ALIST_2)
 {
-    char def_buf_key[STATIC_BUF_SIZE];
-    char def_buf_value[STATIC_BUF_SIZE];
-    char *key_buf = NULL, *value_buf = NULL;
-
-    key_buf = erts_convert_filename_to_native(BIF_ARG_1,def_buf_key,
-					      STATIC_BUF_SIZE,
-					      ERTS_ALC_T_TMP,0,0,NULL);
-    if (!check_env_name(key_buf))
-        goto badarg;
-
-    value_buf = erts_convert_filename_to_native(BIF_ARG_2,def_buf_value,
-						STATIC_BUF_SIZE,
-						ERTS_ALC_T_TMP,1,0,
-						NULL);
-    if (!value_buf)
-        goto badarg;
-
-    if (erts_sys_putenv(key_buf, value_buf)) {
-	if (key_buf != def_buf_key) {
-	    erts_free(ERTS_ALC_T_TMP, key_buf);
-	}
-	if (value_buf != def_buf_value) {
-	    erts_free(ERTS_ALC_T_TMP, value_buf);
-	}
-	BIF_ERROR(BIF_P, BADARG);
-    }
-    if (key_buf != def_buf_key) {
-	erts_free(ERTS_ALC_T_TMP, key_buf);
-    }
-    if (value_buf != def_buf_value) {
-	erts_free(ERTS_ALC_T_TMP, value_buf);
+    erts_osenv_t *global_env;
+    int error;
+
+    global_env = erts_sys_rwlock_global_osenv();
+    error = erts_osenv_put_term(global_env, BIF_ARG_1, BIF_ARG_2);
+    erts_sys_rwunlock_global_osenv();
+
+    if (error < 0) {
+        BIF_ERROR(BIF_P, BADARG);
     }
-    BIF_RET(am_true);
 
-badarg:
-    if (key_buf && key_buf != def_buf_key)
-	erts_free(ERTS_ALC_T_TMP, key_buf);
-    if (value_buf && value_buf != def_buf_value)
-	erts_free(ERTS_ALC_T_TMP, value_buf);
-    BIF_ERROR(BIF_P, BADARG);
+    BIF_RET(am_true);
 }
 
-BIF_RETTYPE os_unsetenv_1(BIF_ALIST_1)
+BIF_RETTYPE os_unset_env_var_1(BIF_ALIST_1)
 {
-    char *key_buf;
-    char buf[STATIC_BUF_SIZE];
+    erts_osenv_t *global_env;
+    int error;
 
-    key_buf = erts_convert_filename_to_native(BIF_ARG_1,buf,STATIC_BUF_SIZE,
-					      ERTS_ALC_T_TMP,0,0,NULL);
-    if (!check_env_name(key_buf))
-        goto badarg;
+    global_env = erts_sys_rwlock_global_osenv();
+    error = erts_osenv_unset_term(global_env, BIF_ARG_1);
+    erts_sys_rwunlock_global_osenv();
 
-    if (erts_sys_unsetenv(key_buf))
-        goto badarg;
-
-    if (key_buf != buf) {
-	erts_free(ERTS_ALC_T_TMP, key_buf);
+    if (error < 0) {
+        BIF_ERROR(BIF_P, BADARG);
     }
-    BIF_RET(am_true);
 
-badarg:
-    if (key_buf && key_buf != buf)
-        erts_free(ERTS_ALC_T_TMP, key_buf);
-    BIF_ERROR(BIF_P, BADARG);    
+    BIF_RET(am_true);
 }
 
 BIF_RETTYPE os_set_signal_2(BIF_ALIST_2) {
@@ -224,27 +153,3 @@ BIF_RETTYPE os_set_signal_2(BIF_ALIST_2) {
 error:
     BIF_ERROR(BIF_P, BADARG);
 }
-
-static int
-check_env_name(char *raw_name)
-{
-    byte *c = (byte *) raw_name;
-    int encoding;
-
-    if (!c)
-        return 0;
-    
-    encoding = erts_get_native_filename_encoding();
-
-    if (erts_raw_env_char_is_7bit_ascii_char('\0', c, encoding))
-        return 0; /* Do not allow empty name... */
-
-    /* Verify no '=' characters in variable name... */
-    do {
-        if (erts_raw_env_char_is_7bit_ascii_char('=', c, encoding))
-            return 0;
-        c = erts_raw_env_next_char(c, encoding);
-    } while (!erts_raw_env_char_is_7bit_ascii_char('\0', c, encoding));
-
-    return 1; /* Seems ok... */
-}
-- 
cgit v1.2.3