gryf/wmaker
1
0
Fork 0
mirror of https://github.com/gryf/wmaker.git synced 2025-12-23 22:52:34 +01:00
Code Issues Projects Releases Wiki Activity

WUtil: make use of secure_getenv if the function is available

Browse Source 
As pointed by Coverity (#50226), the function getenv can return unreliable
data, so if a sensitive application makes uses of the function 'wgethomedir'
or 'wusergnusteppath' we'd better use the GNU function secure_getenv which
ignore environment variable when used in a known critical cases.

Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
This commit is contained in:
Christophe CURIS
2014-05-18 00:56:43 +02:00
committed by Carlos R. Mafra
parent 3aae412588
commit a72c166b6e
4 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
WINGs/userdefaults.c
View File

@@ -58,7 +58,11 @@ const char *wusergnusteppath()
/* Value have been already computed, re-use it */
return path;
#ifdef HAVE_SECURE_GETENV
gspath = secure_getenv("GNUSTEP_USER_ROOT");
#else
gspath = getenv("GNUSTEP_USER_ROOT");
#endif
if (gspath) {
gspath = wexpandpath(gspath);
if (gspath) {