From: Christophe CURIS <[email protected]>

As pointed out by Coverity (#50226), the function getenv can return unreliable
data, so if a sensitive application makes use of the function 'wgethomedir'
or 'wusergnusteppath' we had better use the GNU function secure_getenv, which
ignores environment variables when used in known critical cases.

Signed-off-by: Christophe CURIS <[email protected]>
---
 WINGs/findfile.c     |  4 ++++
 WINGs/userdefaults.c |  4 ++++
 configure.ac         |  1 +
 m4/windowmaker.m4    | 25 +++++++++++++++++++++++++
 4 files changed, 34 insertions(+)

diff --git a/WINGs/findfile.c b/WINGs/findfile.c
index ea7980b..6d0593c 100644
--- a/WINGs/findfile.c
+++ b/WINGs/findfile.c
@@ -46,7 +46,11 @@ char *wgethomedir()
        if (home)
                return home;
 
+#ifdef HAVE_SECURE_GETENV
+       tmp = secure_getenv("HOME");
+#else
        tmp = getenv("HOME");
+#endif
        if (tmp) {
                home = wstrdup(tmp);
                return home;
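Review bot: The `#else` branch keeps plain `getenv("HOME")`, so on a libc without `secure_getenv` a set-uid or set-gid caller of `wgethomedir` still trusts the caller's environment, and nothing at the call site says so. It is also worth recording that `secure_getenv` returns NULL only in secure-execution mode; in an ordinary process HOME remains caller-controlled input. I would add a comment above the block such as `/* secure_getenv() ignores HOME only when running with elevated privileges (AT_SECURE); otherwise, and in the getenv() fallback, HOME is untrusted input */`. The same four-line `#ifdef` is repeated in `wusergnusteppath` in WINGs/userdefaults.c, so a single wrapper macro in a shared header would keep the two call sites from drifting apart. The body of `wgethomedir` continues outside this hunk, so what happens when the lookup returns NULL is not visible here.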
diff --git a/WINGs/userdefaults.c b/WINGs/userdefaults.c
index 269e43e..92f4e0f 100644
--- a/WINGs/userdefaults.c
+++ b/WINGs/userdefaults.c
@@ -58,7 +58,11 @@ const char *wusergnusteppath()
                /* Value have been already computed, re-use it */
                return path;
 
+#ifdef HAVE_SECURE_GETENV
+       gspath = secure_getenv("GNUSTEP_USER_ROOT");
+#else
        gspath = getenv("GNUSTEP_USER_ROOT");
+#endif
        if (gspath) {
                gspath = wexpandpath(gspath);
                if (gspath) {
diff --git a/configure.ac b/configure.ac
index 684a606..4ea1e32 100644
--- a/configure.ac
+++ b/configure.ac
@@ -253,6 +253,7 @@ dnl ============================
 dnl not used anywhere
 AC_FUNC_MEMCMP
 AC_FUNC_VPRINTF
+WM_FUNC_SECURE_GETENV
 AC_CHECK_FUNCS(gethostname select poll strcasecmp strncasecmp \
               setsid mallinfo mkstemp sysconf)
 AC_SEARCH_LIBS([strerror], [cposix])
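Review bot: `WM_FUNC_SECURE_GETENV` is inserted directly under the `dnl not used anywhere` comment, which appears to label `AC_FUNC_MEMCMP` and `AC_FUNC_VPRINTF`, although its result `HAVE_SECURE_GETENV` is consumed by the two WINGs files in this patch. Moving the line below that group, or adding `dnl used by WINGs when reading HOME and GNUSTEP_USER_ROOT` above it, would keep a later cleanup of the unused checks from dropping the hardening along with them.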
diff --git a/m4/windowmaker.m4 b/m4/windowmaker.m4
index 8ff1bd6..affdea4 100644
--- a/m4/windowmaker.m4
+++ b/m4/windowmaker.m4
@@ -182,3 +182,28 @@ m4_popdef([ENABLEVAR])dnl
 m4_popdef([CACHEVAR])dnl
 m4_popdef([USEVAR])dnl
 ])
+
+
+# WM_FUNC_SECURE_GETENV
+# ---------------------
+#
+# Check if the function 'secure_getenv' is available
+# If found, defines HAVE_SECURE_GETENV
+AC_DEFUN_ONCE([WM_FUNC_SECURE_GETENV],
+[AC_REQUIRE([_WM_LIB_CHECK_FUNCTS])
+AC_CACHE_CHECK([for secure_getenv], [wm_cv_func_secure_getenv],
+    [wm_cv_func_secure_getenv=no
+     wm_save_CFLAGS="$CFLAGS"
+     for wm_arg in "% yes" "-D_GNU_SOURCE"; do
+         AS_IF([wm_fn_lib_try_compile "stdlib.h" "const char *h;" "h = 
secure_getenv(\"HOME\")" dnl
+                    "`echo "$wm_arg" | sed -e 's, *%.*$,,' ` 
-Werror=implicit-function-declaration"],
+             [wm_cv_func_secure_getenv="`echo "$wm_arg" | sed -e 's,^.*% *,,' 
`"
+              break])
+     done
+     CFLAGS="$wm_save_CFLAGS"])
+AS_IF([test "x$wm_cv_func_secure_getenv" != "xno"],
+    [AS_IF([test "x$wm_cv_func_secure_getenv" != "xyes"],
+         [WM_APPEND_ONCE([$wm_cv_func_secure_getenv], [CPPFLAGS])])
+     AC_DEFINE([HAVE_SECURE_GETENV], [1],
+         [defined when GNU's secure_getenv function is available])])
+])
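Review bot: The probe passes `-Werror=implicit-function-declaration` on both iterations of the `for wm_arg` loop, so with a compiler that rejects that option the test presumably fails for a reason unrelated to `secure_getenv`. The build would then fall back to plain `getenv` with no hardening. `wm_fn_lib_try_compile` is defined outside this hunk, so whether it also links is not visible; if it only compiles, a declaration with no library symbol behind it would be accepted. The `"% yes"` / `"-D_GNU_SOURCE"` encoding is also hard to read, and I would add a comment before the loop such as `dnl each entry is "<extra flags> % <cache value>"; with no '%' the flag itself becomes the cache value and is appended to CPPFLAGS`.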
-- 
1.9.2

