[security][3.4] bpo-30730: Prevent environment variables injection in subprocess on Windows. (GH-2325) by serhiy-storchaka · Pull Request #2362

[security][3.4] bpo-30730: Prevent environment variables injection in subprocess on Windows. (GH-2325) by serhiy-storchaka · Pull Request #2362 · python/cpython

Merged

larryhastings merged 2 commits intopython:3.4from

serhiy-storchaka:backport-d174d24-3.4

Jul 11, 2017

Merged

[security][3.4] bpo-30730: Prevent environment variables injection in subprocess on Windows. (GH-2325)#2362
larryhastings merged 2 commits intopython:3.4from
serhiy-storchaka:backport-d174d24-3.4

Conversation

Copy link Copy Markdown

Member

serhiy-storchaka commented
Jun 23, 2017

Prevent passing other invalid environment variables and command arguments..
(cherry picked from commit d174d24)

serhiy-storchaka added OS-windows type-security

A security issue

labels

Jun 23, 2017

the-knights-who-say-ni added the CLA signed label

Jun 23, 2017

Copy link Copy Markdown

mention-bot commented
Jun 23, 2017

@serhiy-storchaka, thanks for your PR! By analyzing the history of the files in this pull request, we identified @gvanrossum, @gpshead and @tim-one to be potential reviewers.

[3.4] bpo-30730: Prevent environment variables injection in subproces…

1be314a

…s on Windows. (pythonGH-2325)

Prevent passing other invalid environment variables and command arguments..
(cherry picked from commit d174d24)

serhiy-storchaka force-pushed the backport-d174d24-3.4 branch from ed4e0c7 to 1be314a Compare

June 24, 2017 13:25

vstinner changed the title ~~[3.4] bpo-30730: Prevent environment variables injection in subprocess on Windows. (GH-2325)~~ [security][3.4] bpo-30730: Prevent environment variables injection in subprocess on Windows. (GH-2325)