Use secure_getenv() where appropriate

2019-05-01 12:47:31 -04:00 · 2019-05-01 12:47:31 -04:00 · 4c5654d0fb
commit 4c5654d0fb
parent cdfd42332f
2 changed files with 245 additions and 1 deletions
--- a/Use-secure_getenv-where-appropriate.patch
+++ b/Use-secure_getenv-where-appropriate.patch
@ -0,0 +1,240 @@
+From 8987708dbafbb7d3eb743f06d9fbef40a04275e3 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Wed, 24 Apr 2019 16:19:50 -0400
+Subject: [PATCH] Use secure_getenv() where appropriate
+
+ticket: 8800
+(cherry picked from commit d439e370b70f7af4ed2da9c692a3be7dcf7b4ac6)
+---
+ src/lib/kadm5/alt_prof.c                     |  2 +-
+ src/lib/krb5/ccache/ccselect_k5identity.c    |  2 +-
+ src/lib/krb5/os/ccdefname.c                  |  2 +-
+ src/lib/krb5/os/expand_path.c                |  2 +-
+ src/lib/krb5/os/init_os_ctx.c                |  6 +++---
+ src/lib/krb5/os/ktdefname.c                  |  4 ++--
+ src/lib/krb5/os/trace.c                      |  2 +-
+ src/lib/krb5/rcache/rc_base.c                |  4 ++--
+ src/lib/krb5/rcache/rc_io.c                  |  4 ++--
+ src/plugins/preauth/pkinit/pkinit_identity.c | 13 ++++---------
+ src/plugins/tls/k5tls/openssl.c              |  2 +-
+ src/util/profile/prof_file.c                 |  2 +-
+ 12 files changed, 20 insertions(+), 25 deletions(-)
+
+diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c
+index 3f6b53651..5531a10fb 100644
+--- a/src/lib/kadm5/alt_prof.c
+++ b/src/lib/kadm5/alt_prof.c
+@@ -73,7 +73,7 @@ krb5_aprof_init(char *fname, char *envname, krb5_pointer *acontextp)
+     ret = krb5_get_default_config_files(&filenames);
+     if (ret)
+         return ret;
+-    if (envname == NULL || (kdc_config = getenv(envname)) == NULL)
+    if (envname == NULL || (kdc_config = secure_getenv(envname)) == NULL)
+         kdc_config = fname;
+     k5_buf_init_dynamic(&buf);
+     if (kdc_config)
+diff --git a/src/lib/krb5/ccache/ccselect_k5identity.c b/src/lib/krb5/ccache/ccselect_k5identity.c
+index bee541658..b2dbf8a09 100644
+--- a/src/lib/krb5/ccache/ccselect_k5identity.c
+++ b/src/lib/krb5/ccache/ccselect_k5identity.c
+@@ -135,7 +135,7 @@ get_homedir(krb5_context context)
+     struct passwd pwx, *pwd;
+ 
+     if (!context->profile_secure)
+-        homedir = getenv("HOME");
+        homedir = secure_getenv("HOME");
+ 
+     if (homedir == NULL) {
+         if (k5_getpwuid_r(geteuid(), &pwx, pwbuf, sizeof(pwbuf), &pwd) != 0)
+diff --git a/src/lib/krb5/os/ccdefname.c b/src/lib/krb5/os/ccdefname.c
+index e5cb3e44c..233173d35 100644
+--- a/src/lib/krb5/os/ccdefname.c
+++ b/src/lib/krb5/os/ccdefname.c
+@@ -300,7 +300,7 @@ krb5_cc_default_name(krb5_context context)
+         return os_ctx->default_ccname;
+ 
+     /* Try the environment variable first. */
+-    envstr = getenv(KRB5_ENV_CCNAME);
+    envstr = secure_getenv(KRB5_ENV_CCNAME);
+     if (envstr != NULL) {
+         os_ctx->default_ccname = strdup(envstr);
+         return os_ctx->default_ccname;
+diff --git a/src/lib/krb5/os/expand_path.c b/src/lib/krb5/os/expand_path.c
+index 61fb23459..4ce466c19 100644
+--- a/src/lib/krb5/os/expand_path.c
+++ b/src/lib/krb5/os/expand_path.c
+@@ -280,7 +280,7 @@ expand_temp_folder(krb5_context context, PTYPE param, const char *postfix,
+     const char *p = NULL;
+ 
+     if (context == NULL || !context->profile_secure)
+-        p = getenv("TMPDIR");
+        p = secure_getenv("TMPDIR");
+     *ret = strdup((p != NULL) ? p : "/tmp");
+     if (*ret == NULL)
+         return ENOMEM;
+diff --git a/src/lib/krb5/os/init_os_ctx.c b/src/lib/krb5/os/init_os_ctx.c
+index 09809b932..3aa86f4ad 100644
+--- a/src/lib/krb5/os/init_os_ctx.c
+++ b/src/lib/krb5/os/init_os_ctx.c
+@@ -243,7 +243,7 @@ os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure)
+     char *name = 0;
+ 
+     if (!secure) {
+-        char *env = getenv("KRB5_CONFIG");
+        char *env = secure_getenv("KRB5_CONFIG");
+         if (env) {
+             name = strdup(env);
+             if (!name) return ENOMEM;
+@@ -298,7 +298,7 @@ os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure)
+     if (secure) {
+         filepath = DEFAULT_SECURE_PROFILE_PATH;
+     } else {
+-        filepath = getenv("KRB5_CONFIG");
+        filepath = secure_getenv("KRB5_CONFIG");
+         if (!filepath) filepath = DEFAULT_PROFILE_PATH;
+     }
+ 
+@@ -344,7 +344,7 @@ add_kdc_config_file(profile_filespec_t **pfiles)
+     size_t count = 0;
+     profile_filespec_t *newfiles;
+ 
+-    file = getenv(KDC_PROFILE_ENV);
+    file = secure_getenv(KDC_PROFILE_ENV);
+     if (file == NULL)
+         file = DEFAULT_KDC_PROFILE;
+ 
+diff --git a/src/lib/krb5/os/ktdefname.c b/src/lib/krb5/os/ktdefname.c
+index ffbd14d51..fbe4e98b4 100644
+--- a/src/lib/krb5/os/ktdefname.c
+++ b/src/lib/krb5/os/ktdefname.c
+@@ -42,7 +42,7 @@ kt_default_name(krb5_context context, char **name_out)
+         *name_out = strdup(krb5_overridekeyname);
+         return (*name_out == NULL) ? ENOMEM : 0;
+     } else if (context->profile_secure == FALSE &&
+-               (str = getenv("KRB5_KTNAME")) != NULL) {
+               (str = secure_getenv("KRB5_KTNAME")) != NULL) {
+         *name_out = strdup(str);
+         return (*name_out == NULL) ? ENOMEM : 0;
+     } else if (profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+@@ -63,7 +63,7 @@ k5_kt_client_default_name(krb5_context context, char **name_out)
+     char *str;
+ 
+     if (context->profile_secure == FALSE &&
+-        (str = getenv("KRB5_CLIENT_KTNAME")) != NULL) {
+        (str = secure_getenv("KRB5_CLIENT_KTNAME")) != NULL) {
+         *name_out = strdup(str);
+         return (*name_out == NULL) ? ENOMEM : 0;
+     } else if (profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+diff --git a/src/lib/krb5/os/trace.c b/src/lib/krb5/os/trace.c
+index 40a9e7b10..85dbfeb47 100644
+--- a/src/lib/krb5/os/trace.c
+++ b/src/lib/krb5/os/trace.c
+@@ -389,7 +389,7 @@ k5_init_trace(krb5_context context)
+ {
+     const char *filename;
+ 
+-    filename = getenv("KRB5_TRACE");
+    filename = secure_getenv("KRB5_TRACE");
+     if (filename)
+         (void) krb5_set_trace_filename(context, filename);
+ }
+diff --git a/src/lib/krb5/rcache/rc_base.c b/src/lib/krb5/rcache/rc_base.c
+index 373ac3046..9fa46432d 100644
+--- a/src/lib/krb5/rcache/rc_base.c
+++ b/src/lib/krb5/rcache/rc_base.c
+@@ -107,7 +107,7 @@ char *
+ krb5_rc_default_type(krb5_context context)
+ {
+     char *s;
+-    if ((s = getenv("KRB5RCACHETYPE")))
+    if ((s = secure_getenv("KRB5RCACHETYPE")))
+         return s;
+     else
+         return "dfl";
+@@ -117,7 +117,7 @@ char *
+ krb5_rc_default_name(krb5_context context)
+ {
+     char *s;
+-    if ((s = getenv("KRB5RCACHENAME")))
+    if ((s = secure_getenv("KRB5RCACHENAME")))
+         return s;
+     else
+         return (char *) 0;
+diff --git a/src/lib/krb5/rcache/rc_io.c b/src/lib/krb5/rcache/rc_io.c
+index 35fa14a1f..1800460b2 100644
+--- a/src/lib/krb5/rcache/rc_io.c
+++ b/src/lib/krb5/rcache/rc_io.c
+@@ -48,13 +48,13 @@ getdir(void)
+ {
+     char *dir;
+ 
+-    if (!(dir = getenv("KRB5RCACHEDIR"))) {
+    if (!(dir = secure_getenv("KRB5RCACHEDIR"))) {
+ #if defined(_WIN32)
+         if (!(dir = getenv("TEMP")))
+             if (!(dir = getenv("TMP")))
+                 dir = "C:";
+ #else
+-        if (!(dir = getenv("TMPDIR"))) {
+        if (!(dir = secure_getenv("TMPDIR"))) {
+ #ifdef RCTMPDIR
+             dir = RCTMPDIR;
+ #else
+diff --git a/src/plugins/preauth/pkinit/pkinit_identity.c b/src/plugins/preauth/pkinit/pkinit_identity.c
+index 8cd3fc640..b89c5d015 100644
+--- a/src/plugins/preauth/pkinit/pkinit_identity.c
+++ b/src/plugins/preauth/pkinit/pkinit_identity.c
+@@ -29,15 +29,9 @@
+  * SUCH DAMAGES.
+  */
+ 
+-#include <errno.h>
+-#include <string.h>
+-#include <stdio.h>
+-#include <stdlib.h>
+-#include <dlfcn.h>
+-#include <unistd.h>
+-#include <dirent.h>
+-
+ #include "pkinit.h"
+#include <dlfcn.h>
+#include <dirent.h>
+ 
+ static void
+ free_list(char **list)
+@@ -430,7 +424,8 @@ process_option_identity(krb5_context context,
+     switch (idtype) {
+     case IDTYPE_ENVVAR:
+         return process_option_identity(context, plg_cryptoctx, req_cryptoctx,
+-                                       idopts, id_cryptoctx, getenv(residual));
+                                       idopts, id_cryptoctx,
+                                       secure_getenv(residual));
+         break;
+     case IDTYPE_FILE:
+         retval = parse_fs_options(context, idopts, residual);
+diff --git a/src/plugins/tls/k5tls/openssl.c b/src/plugins/tls/k5tls/openssl.c
+index 822632c90..76a43b3cd 100644
+--- a/src/plugins/tls/k5tls/openssl.c
+++ b/src/plugins/tls/k5tls/openssl.c
+@@ -399,7 +399,7 @@ load_anchor(SSL_CTX *ctx, const char *location)
+     } else if (strncmp(location, "DIR:", 4) == 0) {
+         return load_anchor_dir(store, location + 4);
+     } else if (strncmp(location, "ENV:", 4) == 0) {
+-        envloc = getenv(location + 4);
+        envloc = secure_getenv(location + 4);
+         if (envloc == NULL)
+             return ENOENT;
+         return load_anchor(ctx, envloc);
+diff --git a/src/util/profile/prof_file.c b/src/util/profile/prof_file.c
+index 0dcb6b543..79f9500f6 100644
+--- a/src/util/profile/prof_file.c
+++ b/src/util/profile/prof_file.c
+@@ -183,7 +183,7 @@ errcode_t profile_open_file(const_profile_filespec_t filespec,
+     prf->magic = PROF_MAGIC_FILE;
+ 
+     if (filespec[0] == '~' && filespec[1] == '/') {
+-        home_env = getenv("HOME");
+        home_env = secure_getenv("HOME");
+ #ifdef HAVE_PWD_H
+         if (home_env == NULL) {
+             uid_t uid;
--- a/krb5.spec
+++ b/krb5.spec
@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.17
 # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
-Release: 15%{?dist}
+Release: 16%{?dist}

 # lookaside-cached sources; two downloads and a build artifact
 Source0: https://web.mit.edu/kerberos/dist/krb5/1.17/krb5-%{version}%{prerelease}.tar.gz
@ -87,6 +87,7 @@ Patch114: Fix-potential-close-1-in-cc_file.c.patch
 Patch115: Check-more-errors-in-OpenSSL-crypto-backend.patch
 Patch116: Clear-forwardable-flag-instead-of-denying-request.patch
 Patch117: Add-dns_canonicalize_hostname-fallback-support.patch
+Patch118: Use-secure_getenv-where-appropriate.patch

 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@ -694,6 +695,9 @@ exit 0
 %{_libdir}/libkadm5srv_mit.so.*

 %changelog
+* Wed May 01 2019 Robbie Harwood <rharwood@redhat.com> - 1.17-16
+- Use secure_getenv() where appropriate
+
 * Wed Apr 24 2019 Robbie Harwood <rharwood@redhat.com> - 1.17-15
 - Fix us up real nice with rpmlint