From: Busayo Dada Date: Wed, 9 Apr 2025 16:23:23 +0000 (+0100) Subject: Use secure_getenv() instead of getenv() where appropriate X-Git-Tag: v258-rc1~835 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a51804a5ff0953a27d1e5910c42c78d139ab074f;p=thirdparty%2Fsystemd.git Use secure_getenv() instead of getenv() where appropriate --- diff --git a/src/basic/env-util.c b/src/basic/env-util.c index 09c8e7c28f8..d1132351325 100644 --- a/src/basic/env-util.c +++ b/src/basic/env-util.c @@ -546,7 +546,7 @@ char* strv_env_get_n(char * const *l, const char *name, size_t k, ReplaceEnvFlag return NULL; t = strndupa_safe(name, k); - return getenv(t); + return secure_getenv(t); }; return NULL; @@ -1105,7 +1105,7 @@ int getenv_steal_erase(const char *name, char **ret) { * it from there. Usecase: reading passwords from the env block (which is a bad idea, but useful for * testing, and given that people are likely going to misuse this, be thorough) */ - e = getenv(name); + e = secure_getenv(name); if (!e) { if (ret) *ret = NULL; diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c index fede9d438e8..9d953793a0d 100644 --- a/src/libsystemd/sd-journal/journal-file.c +++ b/src/libsystemd/sd-journal/journal-file.c @@ -317,7 +317,7 @@ static bool keyed_hash_requested(void) { int r; if (cached < 0) { - r = getenv_bool("SYSTEMD_JOURNAL_KEYED_HASH"); + r = secure_getenv_bool("SYSTEMD_JOURNAL_KEYED_HASH"); if (r < 0) { if (r != -ENXIO) log_debug_errno(r, "Failed to parse $SYSTEMD_JOURNAL_KEYED_HASH environment variable, ignoring: %m"); @@ -334,7 +334,7 @@ static bool compact_mode_requested(void) { int r; if (cached < 0) { - r = getenv_bool("SYSTEMD_JOURNAL_COMPACT"); + r = secure_getenv_bool("SYSTEMD_JOURNAL_COMPACT"); if (r < 0) { if (r != -ENXIO) log_debug_errno(r, "Failed to parse $SYSTEMD_JOURNAL_COMPACT environment variable, ignoring: %m");