Use secure_getenv() instead of getenv() where appropriate

author Busayo Dada <toyinoluwabusayo@gmail.com>

Wed, 9 Apr 2025 16:23:23 +0000 (17:23 +0100)

committer Luca Boccassi <luca.boccassi@gmail.com>

Sat, 12 Apr 2025 10:48:22 +0000 (11:48 +0100)
author Busayo Dada <toyinoluwabusayo@gmail.com>
Wed, 9 Apr 2025 16:23:23 +0000 (17:23 +0100)
committer Luca Boccassi <luca.boccassi@gmail.com>
Sat, 12 Apr 2025 10:48:22 +0000 (11:48 +0100)
diff --git a/src/basic/env-util.c b/src/basic/env-util.c

index 09c8e7c28f802075b8320d81d1921be7f46f38f3..d1132351325f9d2df26fdeb273c7756d07c3c4e7 100644 (file)
--- a/src/basic/env-util.c
+++ b/src/basic/env-util.c
@@ -546,7 +546,7 @@ char* strv_env_get_n(char * const *l, const char *name, size_t k, ReplaceEnvFlag
                          return NULL;
  
                  t = strndupa_safe(name, k);
-                return getenv(t);
+                return secure_getenv(t);
          };
  
          return NULL;
@@ -1105,7 +1105,7 @@ int getenv_steal_erase(const char *name, char **ret) {
           * it from there. Usecase: reading passwords from the env block (which is a bad idea, but useful for
           * testing, and given that people are likely going to misuse this, be thorough) */
  
-        e = getenv(name);
+        e = secure_getenv(name);
          if (!e) {
                  if (ret)
                          *ret = NULL;
diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c

index fede9d438e8bf983972e5c4c8c6b610d9a187407..9d953793a0d968e98d9ae583f9b00ee701f16798 100644 (file)
--- a/src/libsystemd/sd-journal/journal-file.c
+++ b/src/libsystemd/sd-journal/journal-file.c
@@ -317,7 +317,7 @@ static bool keyed_hash_requested(void) {
          int r;
  
          if (cached < 0) {
-                r = getenv_bool("SYSTEMD_JOURNAL_KEYED_HASH");
+                r = secure_getenv_bool("SYSTEMD_JOURNAL_KEYED_HASH");
                  if (r < 0) {
                          if (r != -ENXIO)
                                  log_debug_errno(r, "Failed to parse $SYSTEMD_JOURNAL_KEYED_HASH environment variable, ignoring: %m");
@@ -334,7 +334,7 @@ static bool compact_mode_requested(void) {
          int r;
  
          if (cached < 0) {
-                r = getenv_bool("SYSTEMD_JOURNAL_COMPACT");
+                r = secure_getenv_bool("SYSTEMD_JOURNAL_COMPACT");
                  if (r < 0) {
                          if (r != -ENXIO)
                                  log_debug_errno(r, "Failed to parse $SYSTEMD_JOURNAL_COMPACT environment variable, ignoring: %m");
author	Busayo Dada <toyinoluwabusayo@gmail.com>
	Wed, 9 Apr 2025 16:23:23 +0000 (17:23 +0100)
committer	Luca Boccassi <luca.boccassi@gmail.com>
	Sat, 12 Apr 2025 10:48:22 +0000 (11:48 +0100)
src/basic/env-util.c		patch \| blob \| blame \| history
src/libsystemd/sd-journal/journal-file.c		patch \| blob \| blame \| history