2011-11-14 12:06:50 -07:00
|
|
|
// Copyright 2010 The Go Authors. All rights reserved.
|
|
|
|
// Use of this source code is governed by a BSD-style
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
|
|
|
// Windows environment variables.
|
|
|
|
|
|
|
|
package syscall
|
|
|
|
|
|
|
|
import (
|
|
|
|
"unicode/utf16"
|
|
|
|
"unsafe"
|
|
|
|
)
|
|
|
|
|
|
|
|
func Getenv(key string) (value string, found bool) {
|
syscall: return EINVAL when string arguments have NUL characters
Since NUL usually terminates strings in underlying syscalls, allowing
it when converting string arguments is a security risk, especially
when dealing with filenames. For example, a program might reason that
filename like "/root/..\x00/" is a subdirectory or "/root/" and allow
access to it, while underlying syscall will treat "\x00" as an end of
that string and the actual filename will be "/root/..", which might
be unexpected. Returning EINVAL when string arguments have NUL in
them makes sure this attack vector is unusable.
R=golang-dev, r, bradfitz, fullung, rsc, minux.ma
CC=golang-dev
https://golang.org/cl/6458050
2012-08-05 15:24:32 -06:00
|
|
|
keyp, err := UTF16PtrFromString(key)
|
|
|
|
if err != nil {
|
|
|
|
return "", false
|
|
|
|
}
|
2011-11-14 12:06:50 -07:00
|
|
|
b := make([]uint16, 100)
|
syscall: return EINVAL when string arguments have NUL characters
Since NUL usually terminates strings in underlying syscalls, allowing
it when converting string arguments is a security risk, especially
when dealing with filenames. For example, a program might reason that
filename like "/root/..\x00/" is a subdirectory or "/root/" and allow
access to it, while underlying syscall will treat "\x00" as an end of
that string and the actual filename will be "/root/..", which might
be unexpected. Returning EINVAL when string arguments have NUL in
them makes sure this attack vector is unusable.
R=golang-dev, r, bradfitz, fullung, rsc, minux.ma
CC=golang-dev
https://golang.org/cl/6458050
2012-08-05 15:24:32 -06:00
|
|
|
n, e := GetEnvironmentVariable(keyp, &b[0], uint32(len(b)))
|
2011-11-14 12:06:50 -07:00
|
|
|
if n == 0 && e == ERROR_ENVVAR_NOT_FOUND {
|
|
|
|
return "", false
|
|
|
|
}
|
|
|
|
if n > uint32(len(b)) {
|
|
|
|
b = make([]uint16, n)
|
syscall: return EINVAL when string arguments have NUL characters
Since NUL usually terminates strings in underlying syscalls, allowing
it when converting string arguments is a security risk, especially
when dealing with filenames. For example, a program might reason that
filename like "/root/..\x00/" is a subdirectory or "/root/" and allow
access to it, while underlying syscall will treat "\x00" as an end of
that string and the actual filename will be "/root/..", which might
be unexpected. Returning EINVAL when string arguments have NUL in
them makes sure this attack vector is unusable.
R=golang-dev, r, bradfitz, fullung, rsc, minux.ma
CC=golang-dev
https://golang.org/cl/6458050
2012-08-05 15:24:32 -06:00
|
|
|
n, e = GetEnvironmentVariable(keyp, &b[0], uint32(len(b)))
|
2011-11-14 12:06:50 -07:00
|
|
|
if n > uint32(len(b)) {
|
|
|
|
n = 0
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return string(utf16.Decode(b[0:n])), true
|
|
|
|
}
|
|
|
|
|
|
|
|
func Setenv(key, value string) error {
|
2013-06-26 18:11:30 -06:00
|
|
|
v, err := UTF16PtrFromString(value)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
syscall: return EINVAL when string arguments have NUL characters
Since NUL usually terminates strings in underlying syscalls, allowing
it when converting string arguments is a security risk, especially
when dealing with filenames. For example, a program might reason that
filename like "/root/..\x00/" is a subdirectory or "/root/" and allow
access to it, while underlying syscall will treat "\x00" as an end of
that string and the actual filename will be "/root/..", which might
be unexpected. Returning EINVAL when string arguments have NUL in
them makes sure this attack vector is unusable.
R=golang-dev, r, bradfitz, fullung, rsc, minux.ma
CC=golang-dev
https://golang.org/cl/6458050
2012-08-05 15:24:32 -06:00
|
|
|
}
|
|
|
|
keyp, err := UTF16PtrFromString(key)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
2011-11-14 12:06:50 -07:00
|
|
|
}
|
syscall: return EINVAL when string arguments have NUL characters
Since NUL usually terminates strings in underlying syscalls, allowing
it when converting string arguments is a security risk, especially
when dealing with filenames. For example, a program might reason that
filename like "/root/..\x00/" is a subdirectory or "/root/" and allow
access to it, while underlying syscall will treat "\x00" as an end of
that string and the actual filename will be "/root/..", which might
be unexpected. Returning EINVAL when string arguments have NUL in
them makes sure this attack vector is unusable.
R=golang-dev, r, bradfitz, fullung, rsc, minux.ma
CC=golang-dev
https://golang.org/cl/6458050
2012-08-05 15:24:32 -06:00
|
|
|
e := SetEnvironmentVariable(keyp, v)
|
2011-11-14 12:06:50 -07:00
|
|
|
if e != nil {
|
|
|
|
return e
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func Clearenv() {
|
|
|
|
for _, s := range Environ() {
|
|
|
|
// Environment variables can begin with =
|
|
|
|
// so start looking for the separator = at j=1.
|
|
|
|
// http://blogs.msdn.com/b/oldnewthing/archive/2010/05/06/10008132.aspx
|
|
|
|
for j := 1; j < len(s); j++ {
|
|
|
|
if s[j] == '=' {
|
|
|
|
Setenv(s[0:j], "")
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func Environ() []string {
|
|
|
|
s, e := GetEnvironmentStrings()
|
|
|
|
if e != nil {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
defer FreeEnvironmentStrings(s)
|
|
|
|
r := make([]string, 0, 50) // Empty with room to grow.
|
|
|
|
for from, i, p := 0, 0, (*[1 << 24]uint16)(unsafe.Pointer(s)); true; i++ {
|
|
|
|
if p[i] == 0 {
|
|
|
|
// empty string marks the end
|
|
|
|
if i <= from {
|
|
|
|
break
|
|
|
|
}
|
|
|
|
r = append(r, string(utf16.Decode(p[from:i])))
|
|
|
|
from = i + 1
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return r
|
|
|
|
}
|