gryf/wmaker
1
0
Fork 0
mirror of https://github.com/gryf/wmaker.git synced 2025-12-19 04:20:27 +01:00
Code Issues Projects Releases Wiki Activity

WUtil: make use of secure_getenv if the function is available

Browse Source 
As pointed by Coverity (#50226), the function getenv can return unreliable
data, so if a sensitive application makes uses of the function 'wgethomedir'
or 'wusergnusteppath' we'd better use the GNU function secure_getenv which
ignore environment variable when used in a known critical cases.

Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
This commit is contained in:
Christophe CURIS
2014-05-18 00:56:43 +02:00
committed by Carlos R. Mafra
parent 3aae412588
commit a72c166b6e
4 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
WINGs/findfile.c
View File

@@ -46,7 +46,11 @@ char *wgethomedir()
if (home) if (home)
return home; return home;
#ifdef HAVE_SECURE_GETENV
tmp = secure_getenv("HOME");
#else
tmp = getenv("HOME"); tmp = getenv("HOME");
#endif
if (tmp) { if (tmp) {
home = wstrdup(tmp); home = wstrdup(tmp);
return home; return home;

4
WINGs/userdefaults.c
View File

@@ -58,7 +58,11 @@ const char *wusergnusteppath()
/* Value have been already computed, re-use it */ /* Value have been already computed, re-use it */
return path; return path;
#ifdef HAVE_SECURE_GETENV
gspath = secure_getenv("GNUSTEP_USER_ROOT");
#else
gspath = getenv("GNUSTEP_USER_ROOT"); gspath = getenv("GNUSTEP_USER_ROOT");
#endif
if (gspath) { if (gspath) {
gspath = wexpandpath(gspath); gspath = wexpandpath(gspath);
if (gspath) { if (gspath) {

1
configure.ac
View File

@@ -253,6 +253,7 @@ dnl ============================
dnl not used anywhere dnl not used anywhere
AC_FUNC_MEMCMP AC_FUNC_MEMCMP
AC_FUNC_VPRINTF AC_FUNC_VPRINTF
WM_FUNC_SECURE_GETENV
AC_CHECK_FUNCS(gethostname select poll strcasecmp strncasecmp \ AC_CHECK_FUNCS(gethostname select poll strcasecmp strncasecmp \
setsid mallinfo mkstemp sysconf) setsid mallinfo mkstemp sysconf)
AC_SEARCH_LIBS([strerror], [cposix]) AC_SEARCH_LIBS([strerror], [cposix])

25
m4/windowmaker.m4
View File

@@ -182,3 +182,28 @@ m4_popdef([ENABLEVAR])dnl
m4_popdef([CACHEVAR])dnl m4_popdef([CACHEVAR])dnl
m4_popdef([USEVAR])dnl m4_popdef([USEVAR])dnl
]) ])
# WM_FUNC_SECURE_GETENV
# ---------------------
#
# Check if the function 'secure_getenv' is available
# If found, defines HAVE_SECURE_GETENV
AC_DEFUN_ONCE([WM_FUNC_SECURE_GETENV],
[AC_REQUIRE([_WM_LIB_CHECK_FUNCTS])
AC_CACHE_CHECK([for secure_getenv], [wm_cv_func_secure_getenv],
[wm_cv_func_secure_getenv=no
wm_save_CFLAGS="$CFLAGS"
for wm_arg in "% yes" "-D_GNU_SOURCE"; do
AS_IF([wm_fn_lib_try_compile "stdlib.h" "const char *h;" "h = secure_getenv(\"HOME\")" dnl
"`echo "$wm_arg" | sed -e 's, *%.*$,,' ` -Werror=implicit-function-declaration"],
[wm_cv_func_secure_getenv="`echo "$wm_arg" | sed -e 's,^.*% *,,' `"
break])
done
CFLAGS="$wm_save_CFLAGS"])
AS_IF([test "x$wm_cv_func_secure_getenv" != "xno"],
[AS_IF([test "x$wm_cv_func_secure_getenv" != "xyes"],
[WM_APPEND_ONCE([$wm_cv_func_secure_getenv], [CPPFLAGS])])
AC_DEFINE([HAVE_SECURE_GETENV], [1],
[defined when GNU's secure_getenv function is available])])
])