From a41dc78bd3a879870eece3bf0a7c66196c90e7e8 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 24 Apr 2019 16:19:50 -0400 Subject: [PATCH] Use secure_getenv() where appropriate ticket: 8800 (cherry picked from commit d439e370b70f7af4ed2da9c692a3be7dcf7b4ac6) --- src/lib/kadm5/alt_prof.c | 2 +- src/lib/krb5/ccache/ccselect_k5identity.c | 2 +- src/lib/krb5/os/ccdefname.c | 2 +- src/lib/krb5/os/expand_path.c | 2 +- src/lib/krb5/os/init_os_ctx.c | 6 +++--- src/lib/krb5/os/ktdefname.c | 4 ++-- src/lib/krb5/os/trace.c | 2 +- src/lib/krb5/rcache/rc_base.c | 4 ++-- src/lib/krb5/rcache/rc_io.c | 4 ++-- src/plugins/preauth/pkinit/pkinit_identity.c | 13 ++++--------- src/plugins/tls/k5tls/openssl.c | 2 +- src/util/profile/prof_file.c | 2 +- 12 files changed, 20 insertions(+), 25 deletions(-) diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c index 3f6b53651..5531a10fb 100644 --- a/src/lib/kadm5/alt_prof.c +++ b/src/lib/kadm5/alt_prof.c @@ -73,7 +73,7 @@ krb5_aprof_init(char *fname, char *envname, krb5_pointer *acontextp) ret = krb5_get_default_config_files(&filenames); if (ret) return ret; - if (envname == NULL || (kdc_config = getenv(envname)) == NULL) + if (envname == NULL || (kdc_config = secure_getenv(envname)) == NULL) kdc_config = fname; k5_buf_init_dynamic(&buf); if (kdc_config) diff --git a/src/lib/krb5/ccache/ccselect_k5identity.c b/src/lib/krb5/ccache/ccselect_k5identity.c index bee541658..b2dbf8a09 100644 --- a/src/lib/krb5/ccache/ccselect_k5identity.c +++ b/src/lib/krb5/ccache/ccselect_k5identity.c @@ -135,7 +135,7 @@ get_homedir(krb5_context context) struct passwd pwx, *pwd; if (!context->profile_secure) - homedir = getenv("HOME"); + homedir = secure_getenv("HOME"); if (homedir == NULL) { if (k5_getpwuid_r(geteuid(), &pwx, pwbuf, sizeof(pwbuf), &pwd) != 0) diff --git a/src/lib/krb5/os/ccdefname.c b/src/lib/krb5/os/ccdefname.c index e5cb3e44c..233173d35 100644 --- a/src/lib/krb5/os/ccdefname.c +++ b/src/lib/krb5/os/ccdefname.c @@ -300,7 +300,7 @@ krb5_cc_default_name(krb5_context context) return os_ctx->default_ccname; /* Try the environment variable first. */ - envstr = getenv(KRB5_ENV_CCNAME); + envstr = secure_getenv(KRB5_ENV_CCNAME); if (envstr != NULL) { os_ctx->default_ccname = strdup(envstr); return os_ctx->default_ccname; diff --git a/src/lib/krb5/os/expand_path.c b/src/lib/krb5/os/expand_path.c index 61fb23459..4ce466c19 100644 --- a/src/lib/krb5/os/expand_path.c +++ b/src/lib/krb5/os/expand_path.c @@ -280,7 +280,7 @@ expand_temp_folder(krb5_context context, PTYPE param, const char *postfix, const char *p = NULL; if (context == NULL || !context->profile_secure) - p = getenv("TMPDIR"); + p = secure_getenv("TMPDIR"); *ret = strdup((p != NULL) ? p : "/tmp"); if (*ret == NULL) return ENOMEM; diff --git a/src/lib/krb5/os/init_os_ctx.c b/src/lib/krb5/os/init_os_ctx.c index 09809b932..3aa86f4ad 100644 --- a/src/lib/krb5/os/init_os_ctx.c +++ b/src/lib/krb5/os/init_os_ctx.c @@ -243,7 +243,7 @@ os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure) char *name = 0; if (!secure) { - char *env = getenv("KRB5_CONFIG"); + char *env = secure_getenv("KRB5_CONFIG"); if (env) { name = strdup(env); if (!name) return ENOMEM; @@ -298,7 +298,7 @@ os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure) if (secure) { filepath = DEFAULT_SECURE_PROFILE_PATH; } else { - filepath = getenv("KRB5_CONFIG"); + filepath = secure_getenv("KRB5_CONFIG"); if (!filepath) filepath = DEFAULT_PROFILE_PATH; } @@ -344,7 +344,7 @@ add_kdc_config_file(profile_filespec_t **pfiles) size_t count = 0; profile_filespec_t *newfiles; - file = getenv(KDC_PROFILE_ENV); + file = secure_getenv(KDC_PROFILE_ENV); if (file == NULL) file = DEFAULT_KDC_PROFILE; diff --git a/src/lib/krb5/os/ktdefname.c b/src/lib/krb5/os/ktdefname.c index ffbd14d51..fbe4e98b4 100644 --- a/src/lib/krb5/os/ktdefname.c +++ b/src/lib/krb5/os/ktdefname.c @@ -42,7 +42,7 @@ kt_default_name(krb5_context context, char **name_out) *name_out = strdup(krb5_overridekeyname); return (*name_out == NULL) ? ENOMEM : 0; } else if (context->profile_secure == FALSE && - (str = getenv("KRB5_KTNAME")) != NULL) { + (str = secure_getenv("KRB5_KTNAME")) != NULL) { *name_out = strdup(str); return (*name_out == NULL) ? ENOMEM : 0; } else if (profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS, @@ -63,7 +63,7 @@ k5_kt_client_default_name(krb5_context context, char **name_out) char *str; if (context->profile_secure == FALSE && - (str = getenv("KRB5_CLIENT_KTNAME")) != NULL) { + (str = secure_getenv("KRB5_CLIENT_KTNAME")) != NULL) { *name_out = strdup(str); return (*name_out == NULL) ? ENOMEM : 0; } else if (profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS, diff --git a/src/lib/krb5/os/trace.c b/src/lib/krb5/os/trace.c index 40a9e7b10..85dbfeb47 100644 --- a/src/lib/krb5/os/trace.c +++ b/src/lib/krb5/os/trace.c @@ -389,7 +389,7 @@ k5_init_trace(krb5_context context) { const char *filename; - filename = getenv("KRB5_TRACE"); + filename = secure_getenv("KRB5_TRACE"); if (filename) (void) krb5_set_trace_filename(context, filename); } diff --git a/src/lib/krb5/rcache/rc_base.c b/src/lib/krb5/rcache/rc_base.c index 373ac3046..9fa46432d 100644 --- a/src/lib/krb5/rcache/rc_base.c +++ b/src/lib/krb5/rcache/rc_base.c @@ -107,7 +107,7 @@ char * krb5_rc_default_type(krb5_context context) { char *s; - if ((s = getenv("KRB5RCACHETYPE"))) + if ((s = secure_getenv("KRB5RCACHETYPE"))) return s; else return "dfl"; @@ -117,7 +117,7 @@ char * krb5_rc_default_name(krb5_context context) { char *s; - if ((s = getenv("KRB5RCACHENAME"))) + if ((s = secure_getenv("KRB5RCACHENAME"))) return s; else return (char *) 0; diff --git a/src/lib/krb5/rcache/rc_io.c b/src/lib/krb5/rcache/rc_io.c index 35fa14a1f..1800460b2 100644 --- a/src/lib/krb5/rcache/rc_io.c +++ b/src/lib/krb5/rcache/rc_io.c @@ -48,13 +48,13 @@ getdir(void) { char *dir; - if (!(dir = getenv("KRB5RCACHEDIR"))) { + if (!(dir = secure_getenv("KRB5RCACHEDIR"))) { #if defined(_WIN32) if (!(dir = getenv("TEMP"))) if (!(dir = getenv("TMP"))) dir = "C:"; #else - if (!(dir = getenv("TMPDIR"))) { + if (!(dir = secure_getenv("TMPDIR"))) { #ifdef RCTMPDIR dir = RCTMPDIR; #else diff --git a/src/plugins/preauth/pkinit/pkinit_identity.c b/src/plugins/preauth/pkinit/pkinit_identity.c index 8cd3fc640..b89c5d015 100644 --- a/src/plugins/preauth/pkinit/pkinit_identity.c +++ b/src/plugins/preauth/pkinit/pkinit_identity.c @@ -29,15 +29,9 @@ * SUCH DAMAGES. */ -#include -#include -#include -#include -#include -#include -#include - #include "pkinit.h" +#include +#include static void free_list(char **list) @@ -430,7 +424,8 @@ process_option_identity(krb5_context context, switch (idtype) { case IDTYPE_ENVVAR: return process_option_identity(context, plg_cryptoctx, req_cryptoctx, - idopts, id_cryptoctx, getenv(residual)); + idopts, id_cryptoctx, + secure_getenv(residual)); break; case IDTYPE_FILE: retval = parse_fs_options(context, idopts, residual); diff --git a/src/plugins/tls/k5tls/openssl.c b/src/plugins/tls/k5tls/openssl.c index 822632c90..76a43b3cd 100644 --- a/src/plugins/tls/k5tls/openssl.c +++ b/src/plugins/tls/k5tls/openssl.c @@ -399,7 +399,7 @@ load_anchor(SSL_CTX *ctx, const char *location) } else if (strncmp(location, "DIR:", 4) == 0) { return load_anchor_dir(store, location + 4); } else if (strncmp(location, "ENV:", 4) == 0) { - envloc = getenv(location + 4); + envloc = secure_getenv(location + 4); if (envloc == NULL) return ENOENT; return load_anchor(ctx, envloc); diff --git a/src/util/profile/prof_file.c b/src/util/profile/prof_file.c index 0dcb6b543..79f9500f6 100644 --- a/src/util/profile/prof_file.c +++ b/src/util/profile/prof_file.c @@ -183,7 +183,7 @@ errcode_t profile_open_file(const_profile_filespec_t filespec, prf->magic = PROF_MAGIC_FILE; if (filespec[0] == '~' && filespec[1] == '/') { - home_env = getenv("HOME"); + home_env = secure_getenv("HOME"); #ifdef HAVE_PWD_H if (home_env == NULL) { uid_t uid;