mirrors/labwc
1
0
Fork 0
mirror of https://github.com/labwc/labwc.git synced 2025-11-02 09:01:47 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

environment: ignore env var assignments > 1 KiB (#2325)

Browse source 
...to guard against recursive constructs like FOO=$FOO:bar which would
grow on each reconfigure.

Add log message as well as a warning against this in the man page.
This commit is contained in:
Johan Malm 2024-11-10 20:40:51 +00:00 committed by GitHub
parent fc774d0071
commit a88c721979
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 33 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

11
docs/labwc-config.5.scd
View file

@ -50,9 +50,14 @@ that directory contains either the "environment" file or at least one
Note: environment files are treated differently by Openbox, which will simply Note: environment files are treated differently by Openbox, which will simply
source the file as a valid shell script before running the window manager. Files source the file as a valid shell script before running the window manager. Files
are instead parsed directly by labwc, although any environment variables are instead parsed directly by labwc so that environment variables can be
referenced as $VARIABLE or ${VARIABLE} will be substituted and the tilde (~) re-loaded on --reconfigure.
will be expanded as the user's home directory.
Any environment variables referenced as $VARIABLE or ${VARIABLE} will be
substituted and the tilde (~) will be expanded as the user's home directory.
Please note that as labwc reloads the environment file(s) on reconfigure,
recursive/circular assignments (for example FOO=$FOO:bar) should not be made.
The *autostart* file is executed as a shell script after labwc has read its The *autostart* file is executed as a shell script after labwc has read its
configuration and set variables defined in the environment file. Additionally, configuration and set variables defined in the environment file. Additionally,

25
src/config/session.c
View file

@ -33,6 +33,7 @@ static const char *const env_vars[] = {
NULL NULL
}; };
#define LAB_ENV_VAR_MAX_SIZE 1024
static void static void
process_line(char *line) process_line(char *line)
{ {
@ -52,12 +53,36 @@ process_line(char *line)
struct buf value = BUF_INIT; struct buf value = BUF_INIT;
buf_add(&value, string_strip(++p)); buf_add(&value, string_strip(++p));
/*
* Users should not assign environment variables recursively (for
* example FOO=$FOO:bar) in the environment file because they would just
* keep growing on reconfigure. We could of course try to remember the
* original values, but it adds complexity for which we currently cannot
* see a use-case that could not easily be handled by some shell scripts
* separate from the environment file.
*
* Consequently we just check the size of the environment variables to
* defensively handle that growth issue in the case of inadvertent
* recursion.
*/
if (value.len > LAB_ENV_VAR_MAX_SIZE) {
wlr_log(WLR_ERROR, "ignoring environment variable assignment as "
"its size is greater than %d bytes which indicates recursion "
"(%s=%s)", LAB_ENV_VAR_MAX_SIZE, key, value.data);
goto err;
}
buf_expand_shell_variables(&value); buf_expand_shell_variables(&value);
buf_expand_tilde(&value); buf_expand_tilde(&value);
setenv(key, value.data, 1); setenv(key, value.data, 1);
err:
buf_reset(&value); buf_reset(&value);
} }
#undef LAB_ENV_VAR_MAX_SIZE
/* return true on successful read */ /* return true on successful read */
static bool static bool
read_environment_file(const char *filename) read_environment_file(const char *filename)