Use secure_getenv() where appropriate

ticket: 8800

diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c
index 3f6b536517803f822045aa9a997378f6094b3a2b..5531a10fb431c040d89d673a8d02e2beb5ad4236 100644 (file)
--- a/src/lib/kadm5/alt_prof.c
+++ b/src/lib/kadm5/alt_prof.c
@@ -73,7 +73,7 @@ krb5_aprof_init(char *fname, char *envname, krb5_pointer *acontextp)
     ret = krb5_get_default_config_files(&filenames);
     if (ret)
         return ret;
-    if (envname == NULL || (kdc_config = getenv(envname)) == NULL)
+    if (envname == NULL || (kdc_config = secure_getenv(envname)) == NULL)
         kdc_config = fname;
     k5_buf_init_dynamic(&buf);
     if (kdc_config)

diff --git a/src/lib/krb5/ccache/ccselect_k5identity.c b/src/lib/krb5/ccache/ccselect_k5identity.c
index bee54165873a4c196e18c6e11ab693b51bec3271..b2dbf8a09c59b6a5526ca40d5805b628845faa44 100644 (file)
--- a/src/lib/krb5/ccache/ccselect_k5identity.c
+++ b/src/lib/krb5/ccache/ccselect_k5identity.c
@@ -135,7 +135,7 @@ get_homedir(krb5_context context)
     struct passwd pwx, *pwd;
 
     if (!context->profile_secure)
-        homedir = getenv("HOME");
+        homedir = secure_getenv("HOME");
 
     if (homedir == NULL) {
         if (k5_getpwuid_r(geteuid(), &pwx, pwbuf, sizeof(pwbuf), &pwd) != 0)

diff --git a/src/lib/krb5/os/ccdefname.c b/src/lib/krb5/os/ccdefname.c
index e5cb3e44cd99ada2863d8a61ef6910f9994be82e..233173d35b94575a3f039ebb3c2ac41d0fedf24c 100644 (file)
--- a/src/lib/krb5/os/ccdefname.c
+++ b/src/lib/krb5/os/ccdefname.c
@@ -300,7 +300,7 @@ krb5_cc_default_name(krb5_context context)
         return os_ctx->default_ccname;
 
     /* Try the environment variable first. */
-    envstr = getenv(KRB5_ENV_CCNAME);
+    envstr = secure_getenv(KRB5_ENV_CCNAME);
     if (envstr != NULL) {
         os_ctx->default_ccname = strdup(envstr);
         return os_ctx->default_ccname;

diff --git a/src/lib/krb5/os/expand_path.c b/src/lib/krb5/os/expand_path.c
index 61fb234594e6bcde852c1bc93d7d282e22d6680d..4ce466c1944dd8a27e7b2e9ca6e6ec6cd0025cbe 100644 (file)
--- a/src/lib/krb5/os/expand_path.c
+++ b/src/lib/krb5/os/expand_path.c
@@ -280,7 +280,7 @@ expand_temp_folder(krb5_context context, PTYPE param, const char *postfix,
     const char *p = NULL;
 
     if (context == NULL || !context->profile_secure)
-        p = getenv("TMPDIR");
+        p = secure_getenv("TMPDIR");
     *ret = strdup((p != NULL) ? p : "/tmp");
     if (*ret == NULL)
         return ENOMEM;

diff --git a/src/lib/krb5/os/init_os_ctx.c b/src/lib/krb5/os/init_os_ctx.c
index 09809b9325e7dbe95fcdb27eba102f89cb300d04..3aa86f4ad72fa7dd3e00201f8f25db271a0f4e63 100644 (file)
--- a/src/lib/krb5/os/init_os_ctx.c
+++ b/src/lib/krb5/os/init_os_ctx.c
@@ -243,7 +243,7 @@ os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure)
     char *name = 0;
 
     if (!secure) {
-        char *env = getenv("KRB5_CONFIG");
+        char *env = secure_getenv("KRB5_CONFIG");
         if (env) {
             name = strdup(env);
             if (!name) return ENOMEM;
@@ -298,7 +298,7 @@ os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure)
     if (secure) {
         filepath = DEFAULT_SECURE_PROFILE_PATH;
     } else {
-        filepath = getenv("KRB5_CONFIG");
+        filepath = secure_getenv("KRB5_CONFIG");
         if (!filepath) filepath = DEFAULT_PROFILE_PATH;
     }
 
@@ -344,7 +344,7 @@ add_kdc_config_file(profile_filespec_t **pfiles)
     size_t count = 0;
     profile_filespec_t *newfiles;
 
-    file = getenv(KDC_PROFILE_ENV);
+    file = secure_getenv(KDC_PROFILE_ENV);
     if (file == NULL)
         file = DEFAULT_KDC_PROFILE;
 

diff --git a/src/lib/krb5/os/ktdefname.c b/src/lib/krb5/os/ktdefname.c
index ffbd14d519b0178f15f103100e33727fd295d8b0..fbe4e98b45cfb21a0ea1a6a802c931cddaf2f6bf 100644 (file)
--- a/src/lib/krb5/os/ktdefname.c
+++ b/src/lib/krb5/os/ktdefname.c
@@ -42,7 +42,7 @@ kt_default_name(krb5_context context, char **name_out)
         *name_out = strdup(krb5_overridekeyname);
         return (*name_out == NULL) ? ENOMEM : 0;
     } else if (context->profile_secure == FALSE &&
-               (str = getenv("KRB5_KTNAME")) != NULL) {
+               (str = secure_getenv("KRB5_KTNAME")) != NULL) {
         *name_out = strdup(str);
         return (*name_out == NULL) ? ENOMEM : 0;
     } else if (profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
@@ -63,7 +63,7 @@ k5_kt_client_default_name(krb5_context context, char **name_out)
     char *str;
 
     if (context->profile_secure == FALSE &&
-        (str = getenv("KRB5_CLIENT_KTNAME")) != NULL) {
+        (str = secure_getenv("KRB5_CLIENT_KTNAME")) != NULL) {
         *name_out = strdup(str);
         return (*name_out == NULL) ? ENOMEM : 0;
     } else if (profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,

diff --git a/src/lib/krb5/os/trace.c b/src/lib/krb5/os/trace.c
index 4fff8f38c20bcf5cf24e1930aff5fb453417f296..2a03ae98067453f2143cca69004fc0af76dc1395 100644 (file)
--- a/src/lib/krb5/os/trace.c
+++ b/src/lib/krb5/os/trace.c
@@ -389,7 +389,7 @@ k5_init_trace(krb5_context context)
 {
     const char *filename;
 
-    filename = getenv("KRB5_TRACE");
+    filename = secure_getenv("KRB5_TRACE");
     if (filename)
         (void) krb5_set_trace_filename(context, filename);
 }

diff --git a/src/lib/krb5/rcache/rc_base.c b/src/lib/krb5/rcache/rc_base.c
index 373ac3046305bdea78d1e2b1451193c65e56adcc..9fa46432d919c3c14586e919b097a7a3c5bdf9a0 100644 (file)
--- a/src/lib/krb5/rcache/rc_base.c
+++ b/src/lib/krb5/rcache/rc_base.c
@@ -107,7 +107,7 @@ char *
 krb5_rc_default_type(krb5_context context)
 {
     char *s;
-    if ((s = getenv("KRB5RCACHETYPE")))
+    if ((s = secure_getenv("KRB5RCACHETYPE")))
         return s;
     else
         return "dfl";
@@ -117,7 +117,7 @@ char *
 krb5_rc_default_name(krb5_context context)
 {
     char *s;
-    if ((s = getenv("KRB5RCACHENAME")))
+    if ((s = secure_getenv("KRB5RCACHENAME")))
         return s;
     else
         return (char *) 0;

diff --git a/src/lib/krb5/rcache/rc_io.c b/src/lib/krb5/rcache/rc_io.c
index 35fa14a1fc1ed6f6fc265228b67439f02ff4584c..1800460b2a08498a03dbdc85b517b7d67a50aeba 100644 (file)
--- a/src/lib/krb5/rcache/rc_io.c
+++ b/src/lib/krb5/rcache/rc_io.c
@@ -48,13 +48,13 @@ getdir(void)
 {
     char *dir;
 
-    if (!(dir = getenv("KRB5RCACHEDIR"))) {
+    if (!(dir = secure_getenv("KRB5RCACHEDIR"))) {
 #if defined(_WIN32)
         if (!(dir = getenv("TEMP")))
             if (!(dir = getenv("TMP")))
                 dir = "C:";
 #else
-        if (!(dir = getenv("TMPDIR"))) {
+        if (!(dir = secure_getenv("TMPDIR"))) {
 #ifdef RCTMPDIR
             dir = RCTMPDIR;
 #else

diff --git a/src/plugins/preauth/pkinit/pkinit_identity.c b/src/plugins/preauth/pkinit/pkinit_identity.c
index 8cd3fc64059e4cf741fc7ef2c012e85cbf0bfe8d..b89c5d015c303395199a4f24209a44e3ac5c2ae9 100644 (file)
--- a/src/plugins/preauth/pkinit/pkinit_identity.c
+++ b/src/plugins/preauth/pkinit/pkinit_identity.c
@@ -29,16 +29,10 @@
  * SUCH DAMAGES.
  */
 
-#include <errno.h>
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
+#include "pkinit.h"
 #include <dlfcn.h>
-#include <unistd.h>
 #include <dirent.h>
 
-#include "pkinit.h"
-
 static void
 free_list(char **list)
 {
@@ -430,7 +424,8 @@ process_option_identity(krb5_context context,
     switch (idtype) {
     case IDTYPE_ENVVAR:
         return process_option_identity(context, plg_cryptoctx, req_cryptoctx,
-                                       idopts, id_cryptoctx, getenv(residual));
+                                       idopts, id_cryptoctx,
+                                       secure_getenv(residual));
         break;
     case IDTYPE_FILE:
         retval = parse_fs_options(context, idopts, residual);

diff --git a/src/plugins/tls/k5tls/openssl.c b/src/plugins/tls/k5tls/openssl.c
index 822632c90e21380e777439d5ce01eb6c31fe60c5..76a43b3cd3250f720f9028f96cbcfdea332a27d3 100644 (file)
--- a/src/plugins/tls/k5tls/openssl.c
+++ b/src/plugins/tls/k5tls/openssl.c
@@ -399,7 +399,7 @@ load_anchor(SSL_CTX *ctx, const char *location)
     } else if (strncmp(location, "DIR:", 4) == 0) {
         return load_anchor_dir(store, location + 4);
     } else if (strncmp(location, "ENV:", 4) == 0) {
-        envloc = getenv(location + 4);
+        envloc = secure_getenv(location + 4);
         if (envloc == NULL)
             return ENOENT;
         return load_anchor(ctx, envloc);

diff --git a/src/util/profile/prof_file.c b/src/util/profile/prof_file.c
index 24e41fb80b9effc53593a408f67272eecda12e14..aa951df05f2e37529bf0bd9963d2a8b8d884e22a 100644 (file)
--- a/src/util/profile/prof_file.c
+++ b/src/util/profile/prof_file.c
@@ -182,7 +182,7 @@ errcode_t profile_open_file(const_profile_filespec_t filespec,
     prf->magic = PROF_MAGIC_FILE;
 
     if (filespec[0] == '~' && filespec[1] == '/') {
-        home_env = getenv("HOME");
+        home_env = secure_getenv("HOME");
 #ifdef HAVE_PWD_H
         if (home_env == NULL) {
             uid_t uid;