From: Cristian Rodríguez Date: Mon, 11 Feb 2013 18:07:52 +0000 (-0300) Subject: libkmod: Use secure_getenv if available X-Git-Tag: v13~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=41a51c2af915bc99851446cf604fac99eca1848f;p=thirdparty%2Fkmod.git libkmod: Use secure_getenv if available "The secure_getenv() function is intended for use in general-purpose libraries to avoid vulnerabilities that could occur if set-user-ID or set-group-ID programs accidentally trusted the environment." --- diff --git a/configure.ac b/configure.ac index 566b317d..1c6c7932 100644 --- a/configure.ac +++ b/configure.ac @@ -39,6 +39,7 @@ PKG_PROG_PKG_CONFIG ##################################################################### AC_CHECK_FUNCS_ONCE(__xstat) +AC_CHECK_FUNCS_ONCE([__secure_getenv secure_getenv]) # dietlibc doesn't have st.st_mtim struct member AC_CHECK_MEMBERS([struct stat.st_mtim], [], [], [#include ]) diff --git a/libkmod/libkmod-private.h b/libkmod/libkmod-private.h index 7748b143..8d8599a2 100644 --- a/libkmod/libkmod-private.h +++ b/libkmod/libkmod-private.h @@ -35,6 +35,15 @@ static _always_inline_ _printf_format_(2, 3) void #define KCMD_LINE_SIZE 4096 +#ifndef HAVE_SECURE_GETENV +# ifdef HAVE___SECURE_GETENV +# define secure_getenv __secure_getenv +# else +# warning neither secure_getenv nor __secure_getenv is available +# define secure_getenv getenv +# endif +#endif + void kmod_log(const struct kmod_ctx *ctx, int priority, const char *file, int line, const char *fn, const char *format, ...) __attribute__((format(printf, 6, 7))) __attribute__((nonnull(1, 3, 5))); diff --git a/libkmod/libkmod.c b/libkmod/libkmod.c index b3e1d6b1..2ef19d3f 100644 --- a/libkmod/libkmod.c +++ b/libkmod/libkmod.c @@ -254,7 +254,7 @@ KMOD_EXPORT struct kmod_ctx *kmod_new(const char *dirname, ctx->dirname = get_kernel_release(dirname); /* environment overwrites config */ - env = getenv("KMOD_LOG"); + env = secure_getenv("KMOD_LOG"); if (env != NULL) kmod_set_log_priority(ctx, log_priority(env));