linux/ohmyzsh
1
0
Fork 0
mirror of https://github.com/ohmyzsh/ohmyzsh.git synced 2026-05-29 04:53:17 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(dotenv): reject extremely large named pipes

Browse source
This commit is contained in:
Carlo Sala 2026-04-16 20:33:43 +02:00
commit a30c63e011
No known key found for this signature in database
GPG key ID: DA6FB450C1A4FE9A
2 changed files with 75 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

39
plugins/dotenv/tests/basic-parsing.zunit
View file

@ -82,6 +82,45 @@
assert "$result" equals 'secret'
}
@test 'source_env rejects oversized named pipes' {
run zsh -fc '
source ./dotenv.plugin.zsh
tmpdir="$(mktemp -d "${TMPDIR:-/tmp}/dotenv.XXXXXX")" || exit 1
fifo="$tmpdir/.env"
command mkfifo "$fifo" || exit 1
cleanup() {
kill $killer_pid 2>/dev/null || true
kill $writer_pid 2>/dev/null || true
wait $writer_pid 2>/dev/null || true
command rm -rf "$tmpdir"
}
trap cleanup EXIT
(
{
print -rn -- "BIG="
command dd if=/dev/zero bs=10485761 count=1 2>/dev/null | tr "\0" a
} > "$fifo"
) &
writer_pid=$!
(
sleep 2
kill -0 $$ 2>/dev/null || exit 0
kill $$ 2>/dev/null || exit 0
) &
killer_pid=$!
ZSH_DOTENV_PROMPT=false
ZSH_DOTENV_FILE="$fifo"
source_env >/dev/null 2>&1
'
assert $state equals 1
}
@test 'parse basic variable assignment' {
> "$fixture" <<'EOF'
# Basic assignments