From c2d70945dce9cb09d5d7120d6e9ddf7faac8d230 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?John=20H=C3=B6gberg?= <john@erlang.org>
Date: Wed, 22 Nov 2017 13:19:57 +0100
Subject: Replace the libc environment with a thread-safe emulation

putenv(3) and friends aren't thread-safe regardless of how you slice
it; a global lock around all environment operations (like before)
keeps things safe as far as our own operations go, but we have
absolutely no control over what libc or a library dragged in by a
driver/NIF does -- they're free to call getenv(3) or putenv(3)
without honoring our lock.

This commit solves this by setting up an "emulated" environment which
can't be touched without going through our interfaces. Third-party
libraries can still shoot themselves in the foot but benign uses of
os:putenv/2 will no longer risk crashing the emulator.
---
 lib/kernel/src/os.erl | 76 +++++++++++++++++++++++++++++++--------------------
 1 file changed, 47 insertions(+), 29 deletions(-)

(limited to 'lib')

diff --git a/lib/kernel/src/os.erl b/lib/kernel/src/os.erl
index b5f19d4b99..fbc046c8f9 100644
--- a/lib/kernel/src/os.erl
+++ b/lib/kernel/src/os.erl
@@ -27,12 +27,13 @@
 
 -export_type([env_var_name/0, env_var_value/0, env_var_name_value/0, command_input/0]).
 
+-export([getenv/0, getenv/1, getenv/2, putenv/2, unsetenv/1]).
+
 %%% BIFs
 
--export([getenv/0, getenv/1, getenv/2, getpid/0,
-         perf_counter/0, perf_counter/1,
-         putenv/2, set_signal/2, system_time/0, system_time/1,
-	 timestamp/0, unsetenv/1]).
+-export([get_env_var/1, getpid/0, list_env_vars/0, perf_counter/0,
+         perf_counter/1, set_env_var/2, set_signal/2, system_time/0,
+         system_time/1, timestamp/0, unset_env_var/1]).
 
 -type env_var_name() :: nonempty_string().
 
@@ -42,29 +43,15 @@
 
 -type command_input() :: atom() | io_lib:chars().
 
--spec getenv() -> [env_var_name_value()].
-
-getenv() -> erlang:nif_error(undef).
-
--spec getenv(VarName) -> Value | false when
-      VarName :: env_var_name(),
-      Value :: env_var_value().
-
-getenv(_) ->
+-spec list_env_vars() -> [{env_var_name(), env_var_value()}].
+list_env_vars() ->
     erlang:nif_error(undef).
 
--spec getenv(VarName, DefaultValue) -> Value when
+-spec get_env_var(VarName) -> Value | false when
       VarName :: env_var_name(),
-      DefaultValue :: env_var_value(),
       Value :: env_var_value().
-
-getenv(VarName, DefaultValue) ->
-    case os:getenv(VarName) of
-        false ->
-           DefaultValue;
-        Value ->
-            Value
-    end.
+get_env_var(_VarName) ->
+    erlang:nif_error(undef).
 
 -spec getpid() -> Value when
       Value :: string().
@@ -84,11 +71,10 @@ perf_counter() ->
 perf_counter(Unit) ->
       erlang:convert_time_unit(os:perf_counter(), perf_counter, Unit).
 
--spec putenv(VarName, Value) -> true when
+-spec set_env_var(VarName, Value) -> true when
       VarName :: env_var_name(),
       Value :: env_var_value().
-
-putenv(_, _) ->
+set_env_var(_, _) ->
     erlang:nif_error(undef).
 
 -spec system_time() -> integer().
@@ -108,10 +94,9 @@ system_time(_Unit) ->
 timestamp() ->
     erlang:nif_error(undef).
 
--spec unsetenv(VarName) -> true when
+-spec unset_env_var(VarName) -> true when
       VarName :: env_var_name().
-
-unsetenv(_) ->
+unset_env_var(_) ->
     erlang:nif_error(undef).
 
 -spec set_signal(Signal, Option) -> 'ok' when
@@ -125,6 +110,39 @@ set_signal(_Signal, _Option) ->
 
 %%% End of BIFs
 
+-spec getenv() -> [env_var_name_value()].
+getenv() ->
+    [lists:flatten([Key, $=, Value]) || {Key, Value} <- os:list_env_vars() ].
+
+-spec getenv(VarName) -> Value | false when
+      VarName :: env_var_name(),
+      Value :: env_var_value().
+getenv(VarName) ->
+    os:get_env_var(VarName).
+
+-spec getenv(VarName, DefaultValue) -> Value when
+      VarName :: env_var_name(),
+      DefaultValue :: env_var_value(),
+      Value :: env_var_value().
+getenv(VarName, DefaultValue) ->
+    case os:getenv(VarName) of
+        false ->
+           DefaultValue;
+        Value ->
+            Value
+    end.
+
+-spec putenv(VarName, Value) -> true when
+      VarName :: env_var_name(),
+      Value :: env_var_value().
+putenv(VarName, Value) ->
+    os:set_env_var(VarName, Value).
+
+-spec unsetenv(VarName) -> true when
+      VarName :: env_var_name().
+unsetenv(VarName) ->
+    os:unset_env_var(VarName).
+
 -spec type() -> {Osfamily, Osname} when
       Osfamily :: unix | win32,
       Osname :: atom().
-- 
cgit v1.2.3


From d469368b9e14b9834017a7cf318f02950a4aadcb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?John=20H=C3=B6gberg?= <john@erlang.org>
Date: Fri, 1 Dec 2017 12:22:53 +0100
Subject: Disallow NULs in filename-encoded strings

Previously we accepted trailing NULs, which was backwards compatible
as such usage never resulted in misbehavior in the first place. The
downside is that it prevented erts_native_filename_need from
returning an accurate number of *actual characters*, needlessly
complicating encoding-agnostic code like erts_osenv.
---
 lib/kernel/doc/src/file.xml |  7 -------
 lib/kernel/doc/src/os.xml   | 19 ++-----------------
 2 files changed, 2 insertions(+), 24 deletions(-)

(limited to 'lib')

diff --git a/lib/kernel/doc/src/file.xml b/lib/kernel/doc/src/file.xml
index 58abb35428..8477b0e148 100644
--- a/lib/kernel/doc/src/file.xml
+++ b/lib/kernel/doc/src/file.xml
@@ -93,13 +93,6 @@
       are now <em>rejected</em> and will cause primitive
       file operations fail.
     </p></note>
-    <warning><p>
-      Currently null characters at the end of the filename
-      will be accepted by primitive file operations. Such
-      filenames are however still documented as invalid. The
-      implementation will also change in the future and
-      reject such filenames.
-    </p></warning>
 
   </description>
 
diff --git a/lib/kernel/doc/src/os.xml b/lib/kernel/doc/src/os.xml
index 0a08e2c78a..c27182ff0b 100644
--- a/lib/kernel/doc/src/os.xml
+++ b/lib/kernel/doc/src/os.xml
@@ -58,17 +58,6 @@
 	operations to fail.
       </p>
     </note>
-    <warning>
-      <p>
-	Currently null characters at the end of filenames,
-	environment variable names and values will be accepted
-	by the primitive operations. Such filenames, environment
-	variable names and values are however still documented as
-	invalid. The implementation will also change in the
-	future and reject such filenames, environment variable
-	names and values.
-      </p>
-    </warning>
   </description>
 
   <datatypes>
@@ -143,12 +132,8 @@
 	  <warning><p>Previous implementation used to allow all characters
 	  as long as they were integer values greater than or equal to zero.
 	  This sometimes lead to unwanted results since null characters
-	  (integer value zero) often are interpreted as string termination.
-	  Current implementation still accepts null characters at the end
-	  of <c><anno>Command</anno></c> even though the documentation
-	  states that no null characters are allowed. This will however
-	  be changed in the future so that no null characters at all will
-	  be accepted.</p></warning>
+	  (integer value zero) often are interpreted as string termination. The
+	  current implementation rejects these.</p></warning>
         <p><em>Examples:</em></p>
         <code type="none">
 LsOut = os:cmd("ls"), % on unix platform
-- 
cgit v1.2.3