Merge pull request #1360 from theopolis/fix_1356

[Fix #1356] Tokenize process environ by '\0' on Linux

osquery/core/text.cpp

@@ -21,8 +21,10 @@ namespace osquery {
 std::vector<std::string> split(const std::string& s, const std::string& delim) {
   std::vector<std::string> elems;
   boost::split(elems, s, boost::is_any_of(delim));
-  auto start = std::remove_if(
-      elems.begin(), elems.end(), [](const std::string& s) { return s == ""; });
+  auto start =
+      std::remove_if(elems.begin(), elems.end(), [](const std::string& s) {
+        return s.size() == 0;
+      });
   elems.erase(start, elems.end());
   for (auto& each : elems) {
     boost::algorithm::trim(each);
@@ -35,7 +37,7 @@ std::vector<std::string> split(const std::string& s,
                                size_t occurences) {
   // Split the string normally with the required delimiter.
   auto content = split(s, delim);
-  // While the result split exceeds the number of requested occurences, join.
+  // While the result split exceeds the number of requested occurrences, join.
   std::vector<std::string> accumulator;
   std::vector<std::string> elems;
   for (size_t i = 0; i < content.size(); i++) {

osquery/tables/system/linux/processes.cpp

@@ -61,7 +61,11 @@ void genProcessEnvironment(const std::string& pid, QueryData& results) {
 
   std::string content;
   readFile(attr, content);
-  for (const auto& buf : osquery::split(content, "\n")) {
+  const char* variable = content.c_str();
+
+  // Stop at the end of nul-delimited string content.
+  while (*variable > 0) {
+    auto buf = std::string(variable);
     size_t idx = buf.find_first_of("=");
 
     Row r;
@@ -69,6 +73,7 @@ void genProcessEnvironment(const std::string& pid, QueryData& results) {
     r["key"] = buf.substr(0, idx);
     r["value"] = buf.substr(idx + 1);
     results.push_back(r);
+    variable += buf.size() + 1;
   }
 }