From 54491d275184428be6e28e3f22f04859b7288105 Mon Sep 17 00:00:00 2001
From: Eric Blake <ebb9@byu.net>
Date: Wed, 28 Oct 2009 06:21:24 -0600
Subject: printenv: ignore bogus variable names

Exposed by env a=b=c printenv a=b.

* src/printenv.c (main): Silently reject = in names.
* tests/misc/printenv: Test for it.
* NEWS: Document this.
---
 NEWS                | 3 ++-
 src/printenv.c      | 4 ++++
 tests/misc/printenv | 6 ++++++
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 442ce13f3..35d141323 100644
--- a/NEWS
+++ b/NEWS
@@ -9,7 +9,8 @@ GNU coreutils NEWS                                    -*- outline -*-
   [bug introduced in coreutils-8.0]
 
   env -u A=B now fails, rather than silently adding A to the
-  environment.  [the bug dates back to the initial implementation]
+  environment.  Likewise, printenv A=B silently ignores the invalid
+  name.  [the bugs date back to the initial implementation]
 
   md5sum now prints checksums atomically so that concurrent
   processes will not intersperse their output.
diff --git a/src/printenv.c b/src/printenv.c
index b0f0154b2..acf09bdc7 100644
--- a/src/printenv.c
+++ b/src/printenv.c
@@ -125,6 +125,10 @@ main (int argc, char **argv)
         {
           bool matched = false;
 
+          /* 'printenv a=b' is silent, even if 'a=b=c' is in environ.  */
+          if (strchr (argv[i], '='))
+            continue;
+
           for (env = environ; *env; ++env)
             {
               ep = *env;
diff --git a/tests/misc/printenv b/tests/misc/printenv
index bbda1dbd4..bc51fca0b 100755
--- a/tests/misc/printenv
+++ b/tests/misc/printenv
@@ -77,4 +77,10 @@ echo b > exp || framework_failure
 env -- -a=b printenv -- -a > out || fail=1
 compare exp out || fail=1
 
+# Silently reject invalid env-var names.
+# Bug present through coreutils 8.0.
+env a=b=c printenv a=b > out
+test $? = 1 || fail=1
+test -s out && fail=1
+
 Exit $fail
-- 
cgit v1.2.3-54-g00ecf