From d0537cb7f2dc5877700ad78dfd191515379d4edc Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Thu, 7 Jan 2016 02:22:51 +0000 Subject: [PATCH 1/2] Check for issetugid() If secure version of getenv is not there then we can use issetugid() as aid to call getenv() Signed-off-by: Khem Raj --- Upstream-Status: Pending configure.ac | 1 + lib/config.c | 12 +++++++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 1ded1a2..ee19e1f 100644 --- a/configure.ac +++ b/configure.ac @@ -125,6 +125,7 @@ AC_TYPE_OFF_T AC_TYPE_SIZE_T AC_CHECK_FUNCS([__secure_getenv secure_getenv]) +AC_CHECK_FUNCS([issetugid]) # Modify CFLAGS after all tests are run (some of them could fail because # of the -Werror). diff --git a/lib/config.c b/lib/config.c index 29e7120..30f9daf 100644 --- a/lib/config.c +++ b/lib/config.c @@ -44,8 +44,10 @@ # define safe_getenv(string) secure_getenv(string) #elif defined(HAVE___SECURE_GETENV) # define safe_getenv(string) __secure_getenv(string) +#elif defined(HAVE_ISSETUGID) +# define safe_getenv(string) safe_getenv_issetugid(string) #else -# error Neither secure_getenv not __secure_getenv are available +# error None of secure_getenv, __secure_getenv, or issetugid is available #endif struct config_config { @@ -59,6 +61,14 @@ struct config_key { GList *values; }; +static const char* +safe_getenv_issetugid(const char* name) +{ + if (issetugid ()) + return 0; + return getenv (name); +} + /* Compare two section names */ static int compare_section_names(gconstpointer a, gconstpointer b) -- 2.7.0