From a8692d25ea7457443ad49dc9187ca54d7a8faa55 Mon Sep 17 00:00:00 2001
Message-Id:
From: "Daniel P. Berrange"
Date: Wed, 30 Oct 2013 17:01:52 +0000
Subject: [PATCH] Block all use of getenv with syntax-check
For https://bugzilla.redhat.com/show_bug.cgi?id=1015247
The use of getenv is typically insecure, and we want people to use our wrappers, to force them to think about setuid needs.
Signed-off-by: Daniel P. Berrange
(cherry picked from commit 71b21f12bece1127b28b404f11f57b4c2d48983a)
Signed-off-by: Jiri Denemark
---
 cfg.mk | 8 ++++++++
 src/util/virutil.c | 4 ++--
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/cfg.mk b/cfg.mk
index aa2e1a1..f2cd411 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -836,6 +836,11 @@ sc_prohibit_unbounded_arrays_in_rpc:
 halt='Arrays in XDR must have a upper limit set for ' \
 $(_sc_search_regexp)
+sc_prohibit_getenv:
+ @prohibit='\b(secure_)?getenv *\(' \
+ exclude='exempt from syntax-check' \
+ halt='Use virGetEnv{Allow,Block}SUID instead of getenv' \
+ $(_sc_search_regexp)
 # We don't use this feature of maint.mk.
 prev_version_file = /dev/null
@@ -1005,3 +1010,6 @@ exclude_file_name_regexp--sc_prohibit_include_public_headers_brackets = \
 exclude_file_name_regexp--sc_prohibit_int_ijk = \
 ^(src/remote_protocol-structs|src/remote/remote_protocol.x|cfg.mk|include/)$
+
+exclude_file_name_regexp--sc_prohibit_getenv = \
+ ^tests/.*\.[ch]$$
diff --git a/src/util/virutil.c b/src/util/virutil.c
index 2b3cbeb..21827f2 100644
--- a/src/util/virutil.c
+++ b/src/util/virutil.c
@@ -2108,7 +2108,7 @@ cleanup:
 */
 const char *virGetEnvBlockSUID(const char *name)
 {
- return secure_getenv(name);
+ return secure_getenv(name); /* exempt from syntax-check-rules */
 }
@@ -2122,7 +2122,7 @@ const char *virGetEnvBlockSUID(const char *name)
 */
 const char *virGetEnvAllowSUID(const char *name)
 {
- return getenv(name);
+ return getenv(name); /* exempt from syntax-check-rules */
 }
--
1.8.4.2
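Review bot: The new `sc_prohibit_getenv` target has no comment saying why getenv is banned or who may use the `exclude` marker, and that marker is matched as a plain substring of the offending line, so any line that carries the phrase `exempt from syntax-check` passes the check. I would add above the target something like `# getenv does not consider setuid; callers must pick virGetEnvAllowSUID or virGetEnvBlockSUID. Only those two wrappers may carry the exempt marker.` The pattern also accepts only spaces before the parenthesis (` *\(`), so a call whose parenthesis lands on the next line, or `getenv` taken as a function pointer, is not reported. The rule is therefore a lint aid rather than an enforcement point, and new exempt markers still need to be caught in code review.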
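Review bot: The trailing `/* exempt from syntax-check-rules */` on the return in virGetEnvBlockSUID (and the identical comment in virGetEnvAllowSUID in the following hunk) records that the line is exempt but not why, and these two lines are the pattern later contributors will copy when the check fires on their code. A wording such as `/* exempt from syntax-check: this is the wrapper itself */` still contains the phrase the cfg.mk rule excludes on and makes it clear the exemption belongs to the wrappers only. The doc comments above both functions begin outside the hunks, so it is not visible here whether they already say when a caller should choose the Block or the Allow variant; if they do not, a sentence on that belongs there.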