From 41a51c2af915bc99851446cf604fac99eca1848f Mon Sep 17 00:00:00 2001 From: =?utf8?q?Cristian=20Rodr=C3=ADguez?= Date: Mon, 11 Feb 2013 15:07:52 -0300 Subject: [PATCH] libkmod: Use secure_getenv if available "The secure_getenv() function is intended for use in general-purpose libraries to avoid vulnerabilities that could occur if set-user-ID or set-group-ID programs accidentally trusted the environment." --- configure.ac | 1 + libkmod/libkmod-private.h | 9 +++++++++ libkmod/libkmod.c | 2 +- 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 566b317d..1c6c7932 100644 --- a/configure.ac +++ b/configure.ac @@ -39,6 +39,7 @@ PKG_PROG_PKG_CONFIG ##################################################################### AC_CHECK_FUNCS_ONCE(__xstat) +AC_CHECK_FUNCS_ONCE([__secure_getenv secure_getenv]) # dietlibc doesn't have st.st_mtim struct member AC_CHECK_MEMBERS([struct stat.st_mtim], [], [], [#include ]) diff --git a/libkmod/libkmod-private.h b/libkmod/libkmod-private.h index 7748b143..8d8599a2 100644 --- a/libkmod/libkmod-private.h +++ b/libkmod/libkmod-private.h @@ -35,6 +35,15 @@ static _always_inline_ _printf_format_(2, 3) void #define KCMD_LINE_SIZE 4096 +#ifndef HAVE_SECURE_GETENV +# ifdef HAVE___SECURE_GETENV +# define secure_getenv __secure_getenv +# else +# warning neither secure_getenv nor __secure_getenv is available +# define secure_getenv getenv +# endif +#endif + void kmod_log(const struct kmod_ctx *ctx, int priority, const char *file, int line, const char *fn, const char *format, ...) __attribute__((format(printf, 6, 7))) __attribute__((nonnull(1, 3, 5))); diff --git a/libkmod/libkmod.c b/libkmod/libkmod.c index b3e1d6b1..2ef19d3f 100644 --- a/libkmod/libkmod.c +++ b/libkmod/libkmod.c 
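Review bot: The added `AC_CHECK_FUNCS_ONCE([__secure_getenv secure_getenv])` is a link test only, so it can define HAVE_SECURE_GETENV even when no prototype is visible at compile time; glibc declares secure_getenv() in <stdlib.h> only when _GNU_SOURCE is defined. Whether this configure.ac enables that (for example through AC_USE_SYSTEM_EXTENSIONS) is not visible in the hunk, so it is worth confirming. Without a prototype, the call in libkmod.c would be implicitly declared as returning int, and the returned pointer could be truncated on 64-bit targets. A declaration check next to the function check would make this explicit: `AC_CHECK_DECLS([secure_getenv], [], [], [[#include <stdlib.h>]])`.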
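Review bot: The last branch, `# define secure_getenv getenv`, silently restores the old behaviour on any libc that has neither function, so a set-user-ID or set-group-ID program linked against libkmod there still honours KMOD_LOG. The only signal is a `#warning`, which is a compiler extension before C23 and becomes a build failure under -Werror. A small fallback that returns NULL when the real and effective ids differ keeps the protection the commit message describes. It is narrower than the libc implementation (it does not see privilege gained through file capabilities), which its comment should say. The header would need <unistd.h> and <stdlib.h> for this; whether it already includes them is not visible in the hunk.

```c
# else
/* No libc support: ignore the environment when real and effective ids
 * differ. Does not detect privilege gained through file capabilities. */
static inline char *kmod_secure_getenv(const char *name)
{
	if (getuid() != geteuid() || getgid() != getegid())
		return NULL;
	return getenv(name);
}
#  define secure_getenv kmod_secure_getenv
# endif
```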
@@ -254,7 +254,7 @@ KMOD_EXPORT struct kmod_ctx *kmod_new(const char *dirname, ctx->dirname = get_kernel_release(dirname); /* environment overwrites config */ - env = getenv("KMOD_LOG"); + env = secure_getenv("KMOD_LOG"); if (env != NULL) kmod_set_log_priority(ctx, log_priority(env)); -- 2.47.2
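Review bot: The comment `/* environment overwrites config */` above the changed line no longer tells the whole story, because with secure_getenv() the KMOD_LOG override is dropped when the process runs in secure-execution mode. I would reword it to `/* environment overwrites config; ignored for set-user-ID/set-group-ID callers */`. The diffstat shows this is the only line changed in libkmod.c, so any other getenv() lookups in the library (none are visible here) keep trusting the environment and should be checked in the same pass. kmod_new() starts and ends outside the hunk.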