diff options
Diffstat (limited to 'Use-secure_getenv-when-it-s-available.patch')
| -rw-r--r-- | Use-secure_getenv-when-it-s-available.patch | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/Use-secure_getenv-when-it-s-available.patch b/Use-secure_getenv-when-it-s-available.patch new file mode 100644 index 0000000..7834800 --- /dev/null +++ b/Use-secure_getenv-when-it-s-available.patch @@ -0,0 +1,78 @@ +From bb33136afa333268705c26e4f7e75b93e88db9bd Mon Sep 17 00:00:00 2001 +From: Nalin Dahyabhai <nalin@redhat.com> +Date: Tue, 3 May 2016 13:32:25 -0400 +Subject: [PATCH 1/3] Use secure_getenv() when it's available + +Factor out logic that attempts to only consult the environment when it's +safe to do so into its own function, and use secure_getenv() instead of +getenv() if it's available. Original report from +https://bugzilla.redhat.com/show_bug.cgi?id=1332508 + +(cherry picked from commit 39b21dac9bc6473365de04d94be0da94941c7c73) +--- + configure.ac | 3 ++- + src/lib/hesiod.c | 15 +++++++++++++-- + 2 files changed, 15 insertions(+), 3 deletions(-) + +diff --git a/configure.ac b/configure.ac +index e5e94d4..9098afa 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -9,6 +9,7 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) + AC_CONFIG_MACRO_DIR([m4]) + AC_CONFIG_SRCDIR([src/lib/hesiod.h]) + AC_CONFIG_HEADERS([config.h]) ++AC_USE_SYSTEM_EXTENSIONS + + # Checks for programs. + AC_PROG_CC +@@ -80,7 +81,7 @@ AC_EGREP_HEADER([pw_expire], [pwd.h], + # Checks for library functions. + AC_FUNC_MALLOC + AC_FUNC_REALLOC +-AC_CHECK_FUNCS([strchr strdup]) ++AC_CHECK_FUNCS([strchr strdup secure_getenv]) + + AC_CONFIG_FILES([ + Makefile +diff --git a/src/lib/hesiod.c b/src/lib/hesiod.c +index c96aebe..2738713 100644 +--- a/src/lib/hesiod.c ++++ b/src/lib/hesiod.c +@@ -99,6 +99,17 @@ static int read_config_file(struct hesiod_p *ctx, const char *filename); + static char **get_txt_records(struct hesiod_p *ctx, const char *name); + static int cistrcmp(const char *s1, const char *s2); + ++static const char *hesiod_getenv(const char *e) ++{ ++ if ((getuid() != geteuid()) || (getgid() != getegid())) ++ return NULL; ++#ifdef HAVE_SECURE_GETENV ++ return secure_getenv(e); ++#else ++ return getenv(e); ++#endif ++} ++ + /* This function is called to initialize a hesiod_p. */ + int hesiod_init(void **context) + { +@@ -109,13 +120,13 @@ int hesiod_init(void **context) + if (ctx) + { + *context = ctx; +- configname = ((getuid() == geteuid()) && (getgid() == getegid())) ? getenv("HESIOD_CONFIG") : NULL; ++ configname = hesiod_getenv("HESIOD_CONFIG"); + if (!configname) + configname = SYSCONFDIR "/hesiod.conf"; + if (read_config_file(ctx, configname) >= 0) + { + /* The default rhs can be overridden by an environment variable. */ +- p = ((getuid() == geteuid()) && (getgid() == getegid())) ? getenv("HES_DOMAIN") : NULL; ++ p = hesiod_getenv("HES_DOMAIN"); + if (p) + { + if (ctx->rhs) +-- +2.31.0 + |