|
 |
1acd6d |
From bb33136afa333268705c26e4f7e75b93e88db9bd Mon Sep 17 00:00:00 2001
|
|
|
1acd6d |
From: Nalin Dahyabhai <nalin@redhat.com>
|
|
|
1acd6d |
Date: Tue, 3 May 2016 13:32:25 -0400
|
|
|
1acd6d |
Subject: [PATCH 1/3] Use secure_getenv() when it's available
|
|
|
1acd6d |
|
|
|
1acd6d |
Factor out logic that attempts to only consult the environment when it's
|
|
|
1acd6d |
safe to do so into its own function, and use secure_getenv() instead of
|
|
|
1acd6d |
getenv() if it's available. Original report from
|
|
|
1acd6d |
https://bugzilla.redhat.com/show_bug.cgi?id=1332508
|
|
|
1acd6d |
|
|
|
1acd6d |
(cherry picked from commit 39b21dac9bc6473365de04d94be0da94941c7c73)
|
|
|
1acd6d |
---
|
|
|
1acd6d |
configure.ac | 3 ++-
|
|
|
1acd6d |
src/lib/hesiod.c | 15 +++++++++++++--
|
|
|
1acd6d |
2 files changed, 15 insertions(+), 3 deletions(-)
|
|
|
1acd6d |
|
|
|
1acd6d |
diff --git a/configure.ac b/configure.ac
|
|
|
1acd6d |
index e5e94d4..9098afa 100644
|
|
|
1acd6d |
--- a/configure.ac
|
|
|
1acd6d |
+++ b/configure.ac
|
|
|
1acd6d |
@@ -9,6 +9,7 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
|
|
|
1acd6d |
AC_CONFIG_MACRO_DIR([m4])
|
|
|
1acd6d |
AC_CONFIG_SRCDIR([src/lib/hesiod.h])
|
|
|
1acd6d |
AC_CONFIG_HEADERS([config.h])
|
|
|
1acd6d |
+AC_USE_SYSTEM_EXTENSIONS
|
|
|
1acd6d |
|
|
|
1acd6d |
# Checks for programs.
|
|
|
1acd6d |
AC_PROG_CC
|
|
|
1acd6d |
@@ -80,7 +81,7 @@ AC_EGREP_HEADER([pw_expire], [pwd.h],
|
|
|
1acd6d |
# Checks for library functions.
|
|
|
1acd6d |
AC_FUNC_MALLOC
|
|
|
1acd6d |
AC_FUNC_REALLOC
|
|
|
1acd6d |
-AC_CHECK_FUNCS([strchr strdup])
|
|
|
1acd6d |
+AC_CHECK_FUNCS([strchr strdup secure_getenv])
|
|
|
1acd6d |
|
|
|
1acd6d |
AC_CONFIG_FILES([
|
|
|
1acd6d |
Makefile
|
|
|
1acd6d |
diff --git a/src/lib/hesiod.c b/src/lib/hesiod.c
|
|
|
1acd6d |
index c96aebe..2738713 100644
|
|
|
1acd6d |
--- a/src/lib/hesiod.c
|
|
|
1acd6d |
+++ b/src/lib/hesiod.c
|
|
|
1acd6d |
@@ -99,6 +99,17 @@ static int read_config_file(struct hesiod_p *ctx, const char *filename);
|
|
|
1acd6d |
static char **get_txt_records(struct hesiod_p *ctx, const char *name);
|
|
|
1acd6d |
static int cistrcmp(const char *s1, const char *s2);
|
|
|
1acd6d |
|
|
|
1acd6d |
+static const char *hesiod_getenv(const char *e)
|
|
|
1acd6d |
+{
|
|
|
1acd6d |
+ if ((getuid() != geteuid()) || (getgid() != getegid()))
|
|
|
1acd6d |
+ return NULL;
|
|
|
1acd6d |
+#ifdef HAVE_SECURE_GETENV
|
|
|
1acd6d |
+ return secure_getenv(e);
|
|
|
1acd6d |
+#else
|
|
|
1acd6d |
+ return getenv(e);
|
|
|
1acd6d |
+#endif
|
|
|
1acd6d |
+}
|
|
|
1acd6d |
+
|
|
|
1acd6d |
/* This function is called to initialize a hesiod_p. */
|
|
|
1acd6d |
int hesiod_init(void **context)
|
|
|
1acd6d |
{
|
|
|
1acd6d |
@@ -109,13 +120,13 @@ int hesiod_init(void **context)
|
|
|
1acd6d |
if (ctx)
|
|
|
1acd6d |
{
|
|
|
1acd6d |
*context = ctx;
|
|
|
1acd6d |
- configname = ((getuid() == geteuid()) && (getgid() == getegid())) ? getenv("HESIOD_CONFIG") : NULL;
|
|
|
1acd6d |
+ configname = hesiod_getenv("HESIOD_CONFIG");
|
|
|
1acd6d |
if (!configname)
|
|
|
1acd6d |
configname = SYSCONFDIR "/hesiod.conf";
|
|
|
1acd6d |
if (read_config_file(ctx, configname) >= 0)
|
|
|
1acd6d |
{
|
|
|
1acd6d |
/* The default rhs can be overridden by an environment variable. */
|
|
|
1acd6d |
- p = ((getuid() == geteuid()) && (getgid() == getegid())) ? getenv("HES_DOMAIN") : NULL;
|
|
|
1acd6d |
+ p = hesiod_getenv("HES_DOMAIN");
|
|
|
1acd6d |
if (p)
|
|
|
1acd6d |
{
|
|
|
1acd6d |
if (ctx->rhs)
|
|
|
1acd6d |
--
|
|
|
1acd6d |
2.31.0
|
|
|
1acd6d |
|