libedit/SOURCES/libedit-editrc.patch
2023-09-21 19:06:43 +00:00

41 lines
1.2 KiB
Diff

diff -ur libedit-20210419-3.1/src/el.c libedit-20210522-3.1/src/el.c
--- libedit-20210419-3.1/src/el.c 2019-10-25 22:12:05.000000000 +0200
+++ libedit-20210522-3.1/src/el.c 2021-05-22 20:55:00.000000000 +0200
@@ -548,15 +548,15 @@
fp = NULL;
if (fname == NULL) {
-#ifdef HAVE_ISSETUGID
- if (issetugid())
- return -1;
- if ((fname = getenv("EDITRC")) == NULL) {
+ /* secure_getenv is guaranteed to be defined and do the right thing here */
+ /* because of the defines above which take into account issetugid, */
+ /* secure_getenv and __secure_getenv availability. */
+ if ((fname = secure_getenv("EDITRC")) == NULL) {
static const char elpath[] = "/.editrc";
size_t plen = sizeof(elpath);
- if ((ptr = getenv("HOME")) == NULL)
+ if ((ptr = secure_getenv("HOME")) == NULL)
return -1;
plen += strlen(ptr);
if ((path = el_calloc(plen, sizeof(*path))) == NULL)
@@ -565,14 +565,7 @@
elpath + (*ptr == '\0'));
fname = path;
}
-#else
- /*
- * If issetugid() is missing, always return an error, in order
- * to keep from inadvertently opening up the user to a security
- * hole.
- */
- return -1;
-#endif
+
}
if (fname[0] == '\0')
return -1;