diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-05-27 22:26:02 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-05-27 22:40:39 +0200 |
| commit | b9065f5b3007338cb1f53461b3b1118f4711b75e (patch) | |
| tree | 0440a27312c8b9e2fd0bd658c23eda86e6814213 | |
| parent | fb2a6baef79f4aadfd95e657fe5a18da20a1410e (diff) | |
| download | gnutls-b9065f5b3007338cb1f53461b3b1118f4711b75e.tar.gz | |
env: use secure_getenv when reading environment variables
| -rw-r--r-- | lib/fips.c | 4 | ||||
| -rw-r--r-- | lib/gnutls_global.c | 10 | ||||
| -rw-r--r-- | lib/gnutls_mem.h | 6 | ||||
| -rw-r--r-- | lib/system.c | 2 |
4 files changed, 14 insertions, 8 deletions
diff --git a/lib/fips.c b/lib/fips.c index 565976e4af..1732446440 100644 --- a/lib/fips.c +++ b/lib/fips.c @@ -54,12 +54,12 @@ const char *p; if (_fips_mode != -1) return _fips_mode; - p = getenv("GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS"); + p = secure_getenv("GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS"); if (p && p[0] == '1') { _skip_integrity_checks = 1; } - p = getenv("GNUTLS_FORCE_FIPS_MODE"); + p = secure_getenv("GNUTLS_FORCE_FIPS_MODE"); if (p) { if (p[0] == '1') _fips_mode = 1; diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c index 5eb1e14df6..e155798dc0 100644 --- a/lib/gnutls_global.c +++ b/lib/gnutls_global.c @@ -241,11 +241,11 @@ int gnutls_global_init(void) _gnutls_switch_lib_state(LIB_STATE_INIT); - _gnutls_keylogfile = getenv("GNUTLS_KEYLOGFILE"); + _gnutls_keylogfile = secure_getenv("GNUTLS_KEYLOGFILE"); if (_gnutls_keylogfile == NULL) - _gnutls_keylogfile = getenv("SSLKEYLOGFILE"); + _gnutls_keylogfile = secure_getenv("SSLKEYLOGFILE"); - e = getenv("GNUTLS_DEBUG_LEVEL"); + e = secure_getenv("GNUTLS_DEBUG_LEVEL"); if (e != NULL) { level = atoi(e); gnutls_global_set_log_level(level); @@ -478,7 +478,7 @@ const char *e; if (_gnutls_global_init_skip() != 0) return; - e = getenv("GNUTLS_NO_EXPLICIT_INIT"); + e = secure_getenv("GNUTLS_NO_EXPLICIT_INIT"); if (e != NULL) { ret = atoi(e); if (ret == 1) @@ -499,7 +499,7 @@ static void _DESTRUCTOR lib_deinit(void) if (_gnutls_global_init_skip() != 0) return; - e = getenv("GNUTLS_NO_EXPLICIT_INIT"); + e = secure_getenv("GNUTLS_NO_EXPLICIT_INIT"); if (e != NULL) { int ret = atoi(e); if (ret == 1) diff --git a/lib/gnutls_mem.h b/lib/gnutls_mem.h index a235b1cc4f..07256df6cf 100644 --- a/lib/gnutls_mem.h +++ b/lib/gnutls_mem.h @@ -23,6 +23,8 @@ #ifndef GNUTLS_MEM_H #define GNUTLS_MEM_H +#include <config.h> + /* this realloc function will return ptr if size==0, and * will free the ptr if the new allocation failed. */ @@ -40,6 +42,10 @@ int safe_memcmp(const void *s1, const void *s2, size_t n) return memcmp(s1, s2, n); } +#ifndef HAVE_SECURE_GETENV +# define secure_getenv getenv +#endif + #define zrelease_mpi_key(mpi) if (*mpi!=NULL) { \ _gnutls_mpi_clear(*mpi); \ _gnutls_mpi_release(mpi); \ diff --git a/lib/system.c b/lib/system.c index 8ff8a66041..62ea653031 100644 --- a/lib/system.c +++ b/lib/system.c @@ -340,7 +340,7 @@ void gnutls_system_global_deinit(void) */ int _gnutls_find_config_path(char *path, size_t max_size) { - const char *home_dir = getenv("HOME"); + const char *home_dir = secure_getenv("HOME"); if (home_dir != NULL && home_dir[0] != 0) { snprintf(path, max_size, "%s/" CONFIG_PATH, home_dir); |