WUtil: make use of secure_getenv if the function is available

As pointed by Coverity (#50226), the function getenv can return unreliable data, so if a sensitive application makes uses of the function 'wgethomedir' or 'wusergnusteppath' we'd better use the GNU function secure_getenv which ignore environment variable when used in a known critical cases. Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
2025-12-19 04:20:27 +01:00 · 2014-05-18 00:56:43 +02:00
parent 3aae412588
commit a72c166b6e
4 changed files with 34 additions and 0 deletions
--- a/WINGs/findfile.c
+++ b/WINGs/findfile.c
@@ -46,7 +46,11 @@ char *wgethomedir()
 	if (home)
 		return home;

+#ifdef HAVE_SECURE_GETENV
+	tmp = secure_getenv("HOME");
+#else
 	tmp = getenv("HOME");
+#endif
 	if (tmp) {
 		home = wstrdup(tmp);
 		return home;
--- a/WINGs/userdefaults.c
+++ b/WINGs/userdefaults.c
@@ -58,7 +58,11 @@ const char *wusergnusteppath()
 		/* Value have been already computed, re-use it */
 		return path;

+#ifdef HAVE_SECURE_GETENV
+	gspath = secure_getenv("GNUSTEP_USER_ROOT");
+#else
 	gspath = getenv("GNUSTEP_USER_ROOT");
+#endif
 	if (gspath) {
 		gspath = wexpandpath(gspath);
 		if (gspath) {
--- a/configure.ac
+++ b/configure.ac
@@ -253,6 +253,7 @@ dnl ============================
 dnl not used anywhere
 AC_FUNC_MEMCMP
 AC_FUNC_VPRINTF
+WM_FUNC_SECURE_GETENV
 AC_CHECK_FUNCS(gethostname select poll strcasecmp strncasecmp \
 	       setsid mallinfo mkstemp sysconf)
 AC_SEARCH_LIBS([strerror], [cposix])
--- a/m4/windowmaker.m4
+++ b/m4/windowmaker.m4
@@ -182,3 +182,28 @@ m4_popdef([ENABLEVAR])dnl
 m4_popdef([CACHEVAR])dnl
 m4_popdef([USEVAR])dnl
 ])
+
+
+# WM_FUNC_SECURE_GETENV
+# ---------------------
+#
+# Check if the function 'secure_getenv' is available
+# If found, defines HAVE_SECURE_GETENV
+AC_DEFUN_ONCE([WM_FUNC_SECURE_GETENV],
+[AC_REQUIRE([_WM_LIB_CHECK_FUNCTS])
+AC_CACHE_CHECK([for secure_getenv], [wm_cv_func_secure_getenv],
+    [wm_cv_func_secure_getenv=no
+     wm_save_CFLAGS="$CFLAGS"
+     for wm_arg in "% yes" "-D_GNU_SOURCE"; do
+         AS_IF([wm_fn_lib_try_compile "stdlib.h" "const char *h;" "h = secure_getenv(\"HOME\")" dnl
+                    "`echo "$wm_arg" | sed -e 's, *%.*$,,' ` -Werror=implicit-function-declaration"],
+             [wm_cv_func_secure_getenv="`echo "$wm_arg" | sed -e 's,^.*% *,,' `"
+              break])
+     done
+     CFLAGS="$wm_save_CFLAGS"])
+AS_IF([test "x$wm_cv_func_secure_getenv" != "xno"],
+    [AS_IF([test "x$wm_cv_func_secure_getenv" != "xyes"],
+         [WM_APPEND_ONCE([$wm_cv_func_secure_getenv], [CPPFLAGS])])
+     AC_DEFINE([HAVE_SECURE_GETENV], [1],
+         [defined when GNU's secure_getenv function is available])])
+])