-rw-r--r--cmd/httpserv/httpserv.c6
-rw-r--r--cmd/lib/secutil.c4
-rw-r--r--cmd/lib/secutil.h2
-rw-r--r--cmd/libpkix/pkix/top/test_validatechain_NB.c4
-rw-r--r--cmd/modutil/installparse.c4
-rw-r--r--cmd/pk11mode/pk11mode.c2
-rw-r--r--cmd/pk11util/pk11util.c2
-rw-r--r--cmd/selfserv/selfserv.c8
-rw-r--r--cmd/shlibsign/shlibsign.c2
-rw-r--r--cmd/signtool/javascript.c2
-rw-r--r--cmd/signtool/util.c5
-rw-r--r--cmd/smimetools/cmsutil.c4
-rw-r--r--cmd/strsclnt/strsclnt.c2
-rw-r--r--cmd/tstclnt/tstclnt.c2
-rw-r--r--external_tests/google_test/gtest/test/gtest_unittest.cc6
-rw-r--r--external_tests/ssl_gtest/ssl_gtest.cc3
-rw-r--r--lib/certdb/certdb.c2
-rw-r--r--lib/certhigh/certvfypkix.c4
-rw-r--r--lib/certhigh/ocsp.c2
-rw-r--r--lib/freebl/loader.c2
-rw-r--r--lib/freebl/mpi/utils/isprime.c2
-rw-r--r--lib/freebl/mpi/utils/metime.c4
-rw-r--r--lib/freebl/mpi/utils/primegen.c2
-rw-r--r--lib/freebl/rijndael.c3
-rw-r--r--lib/freebl/stubs.c9
-rw-r--r--lib/freebl/stubs.h1
-rw-r--r--lib/freebl/unix_rand.c7
-rw-r--r--lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c2
-rwxr-xr-xlib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c4
-rw-r--r--lib/nss/nssinit.c2
-rw-r--r--lib/pk11wrap/debug_module.c2
-rw-r--r--lib/pk11wrap/pk11akey.c2
-rw-r--r--lib/pk11wrap/pk11load.c8
-rw-r--r--lib/pk11wrap/pk11pars.c2
-rw-r--r--lib/pk11wrap/pk11util.c2
-rw-r--r--lib/softoken/fipstokn.c2
-rw-r--r--lib/softoken/legacydb/lgattr.c2
-rw-r--r--lib/softoken/legacydb/lginit.c2
-rw-r--r--lib/softoken/lgglue.c2
-rw-r--r--lib/softoken/pkcs11c.c3
-rw-r--r--lib/softoken/sdb.c6
-rw-r--r--lib/softoken/softoken.h4
-rw-r--r--lib/ssl/ssl3con.c6
-rw-r--r--lib/ssl/sslsnce.c4
-rw-r--r--lib/ssl/sslsock.c18
-rw-r--r--lib/sysinit/nsssysinit.c5
-rw-r--r--lib/util/secoid.c4
-rw-r--r--lib/util/secport.c2
-rw-r--r--lib/util/utilpars.c2
49 files changed, 99 insertions, 83 deletions
diff --git a/cmd/httpserv/httpserv.c b/cmd/httpserv/httpserv.c
index b01da4b8f..3e8a0f6a1 100644
--- a/cmd/httpserv/httpserv.c
+++ b/cmd/httpserv/httpserv.c
@@ -1268,11 +1268,11 @@ main(int argc, char **argv)
}
}
- tmp = getenv("TMP");
+ tmp = PR_GetEnvSecure("TMP");
if (!tmp)
- tmp = getenv("TMPDIR");
+ tmp = PR_GetEnvSecure("TMPDIR");
if (!tmp)
- tmp = getenv("TEMP");
+ tmp = PR_GetEnvSecure("TEMP");
/* we're an ordinary single process server. */
listen_sock = getBoundListenSocket(port);
prStatus = PR_SetFDInheritable(listen_sock, PR_FALSE);
diff --git a/cmd/lib/secutil.c b/cmd/lib/secutil.c
index e79817b31..24cf682dc 100644
--- a/cmd/lib/secutil.c
+++ b/cmd/lib/secutil.c
@@ -416,7 +416,7 @@ SECU_DefaultSSLDir(void)
char *dir;
static char sslDir[1000];
- dir = PR_GetEnv("SSL_DIR");
+ dir = PR_GetEnvSecure("SSL_DIR");
if (!dir)
return NULL;
@@ -455,7 +455,7 @@ SECU_ConfigDirectory(const char* base)
if (base == NULL || *base == 0) {
- home = PR_GetEnv("HOME");
+ home = PR_GetEnvSecure("HOME");
if (!home) home = "";
if (*home && home[strlen(home) - 1] == '/')
diff --git a/cmd/lib/secutil.h b/cmd/lib/secutil.h
index 9f2744a3d..c501920b0 100644
--- a/cmd/lib/secutil.h
+++ b/cmd/lib/secutil.h
@@ -116,7 +116,7 @@ extern char *SEC_ReadDongleFile(int fd);
/* Just sticks the two strings together with a / if needed */
char *SECU_AppendFilenameToDir(char *dir, char *filename);
-/* Returns result of getenv("SSL_DIR") or NULL */
+/* Returns result of PR_GetEnvSecure("SSL_DIR") or NULL */
extern char *SECU_DefaultSSLDir(void);
/*
diff --git a/cmd/libpkix/pkix/top/test_validatechain_NB.c b/cmd/libpkix/pkix/top/test_validatechain_NB.c
index d5b5ff6ec..e01930286 100644
--- a/cmd/libpkix/pkix/top/test_validatechain_NB.c
+++ b/cmd/libpkix/pkix/top/test_validatechain_NB.c
@@ -249,7 +249,7 @@ int test_validatechain_NB(int argc, char *argv[]){
chainCerts,
plContext);
- ldapName = PR_GetEnv("LDAP");
+ ldapName = PR_GetEnvSecure("LDAP");
/* Is LDAP set in the environment? */
if ((ldapName == NULL) || (*ldapName == '\0')) {
testError("LDAP not set in environment");
@@ -276,7 +276,7 @@ int test_validatechain_NB(int argc, char *argv[]){
testSetupCertStore(valParams, ldapName);
- logging = PR_GetEnv("LOGGING");
+ logging = PR_GetEnvSecure("LOGGING");
/* Is LOGGING set in the environment? */
if ((logging != NULL) && (*logging != '\0')) {
diff --git a/cmd/modutil/installparse.c b/cmd/modutil/installparse.c
index 3691c6388..12694db1e 100644
--- a/cmd/modutil/installparse.c
+++ b/cmd/modutil/installparse.c
@@ -201,9 +201,9 @@ yyparse()
register int yym, yyn, yystate;
#if YYDEBUG
register char *yys;
- extern char *getenv();
+ extern char *PR_GetEnvSecure();
- if ((yys = getenv("YYDEBUG")) != NULL)
+ if ((yys = PR_GetEnvSecure("YYDEBUG")) != NULL)
{
yyn = *yys;
if (yyn >= '0' && yyn <= '9')
diff --git a/cmd/pk11mode/pk11mode.c b/cmd/pk11mode/pk11mode.c
index 901323abe..335d173b7 100644
--- a/cmd/pk11mode/pk11mode.c
+++ b/cmd/pk11mode/pk11mode.c
@@ -754,7 +754,7 @@ cleanup:
#ifdef _WIN32
FreeLibrary(hModule);
#else
- disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+ disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
if (!disableUnload) {
PR_UnloadLibrary(lib);
}
diff --git a/cmd/pk11util/pk11util.c b/cmd/pk11util/pk11util.c
index 45161fd97..5640f10aa 100644
--- a/cmd/pk11util/pk11util.c
+++ b/cmd/pk11util/pk11util.c
@@ -1404,7 +1404,7 @@ unloadModule(Module *module)
{
char *disableUnload = NULL;
- disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+ disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
if (module->library && !disableUnload) {
PR_UnloadLibrary(module->library);
diff --git a/cmd/selfserv/selfserv.c b/cmd/selfserv/selfserv.c
index 98986c318..fc071f703 100644
--- a/cmd/selfserv/selfserv.c
+++ b/cmd/selfserv/selfserv.c
@@ -2459,12 +2459,12 @@ main(int argc, char **argv)
testBulkBuf[i] = i;
}
- envString = getenv(envVarName);
- tmp = getenv("TMP");
+ envString = PR_GetEnvSecure(envVarName);
+ tmp = PR_GetEnvSecure("TMP");
if (!tmp)
- tmp = getenv("TMPDIR");
+ tmp = PR_GetEnvSecure("TMPDIR");
if (!tmp)
- tmp = getenv("TEMP");
+ tmp = PR_GetEnvSecure("TEMP");
if (envString) {
/* we're one of the children in a multi-process server. */
listen_sock = PR_GetInheritedFD(inheritableSockName);
diff --git a/cmd/shlibsign/shlibsign.c b/cmd/shlibsign/shlibsign.c
index 7ddbf343d..63a48367f 100644
--- a/cmd/shlibsign/shlibsign.c
+++ b/cmd/shlibsign/shlibsign.c
@@ -1288,7 +1288,7 @@ cleanup:
}
#endif
- disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+ disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
if (!disableUnload) {
PR_UnloadLibrary(lib);
}
diff --git a/cmd/signtool/javascript.c b/cmd/signtool/javascript.c
index 3beffa522..bbaa93999 100644
--- a/cmd/signtool/javascript.c
+++ b/cmd/signtool/javascript.c
@@ -64,7 +64,7 @@ InlineJavaScript(char *dir, PRBool recurse)
PR_fprintf(outputFD, "\nGenerating inline signatures from HTML files in: %s\n",
dir);
}
- if (PR_GetEnv("SIGNTOOL_DUMP_PARSE")) {
+ if (PR_GetEnvSecure("SIGNTOOL_DUMP_PARSE")) {
dumpParse = PR_TRUE;
}
diff --git a/cmd/signtool/util.c b/cmd/signtool/util.c
index 73568d1ba..74055d681 100644
--- a/cmd/signtool/util.c
+++ b/cmd/signtool/util.c
@@ -5,6 +5,7 @@
#include "signtool.h"
#include "prio.h"
#include "prmem.h"
+#include "prenv.h"
#include "nss.h"
static int is_dir (char *filename);
@@ -981,7 +982,7 @@ char *get_default_cert_dir (void)
static char db [FNSIZE];
#ifdef XP_UNIX
- home = getenv ("HOME");
+ home = PR_GetEnvSecure ("HOME");
if (home && *home) {
sprintf (db, "%s/.netscape", home);
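Review bot: The `sprintf (db, "%s/.netscape", home)` call in get_default_cert_dir still copies an environment-supplied HOME into the fixed `static char db [FNSIZE]` with no length bound, so a long value overruns the buffer. Switching to PR_GetEnvSecure only withholds the variable from privileged processes; it does not limit the length of what is returned. The same pattern applies to `sprintf (db, "%s/cert7.db", home)` in the JAR_HOME hunk that follows. Bounding both writes, e.g. `snprintf (db, sizeof db, "%s/.netscape", home)` with a check of the return value for truncation, would close it. The function body continues outside both hunks.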
@@ -994,7 +995,7 @@ char *get_default_cert_dir (void)
/* first check the environment override */
- home = getenv ("JAR_HOME");
+ home = PR_GetEnvSecure ("JAR_HOME");
if (home && *home) {
sprintf (db, "%s/cert7.db", home);
diff --git a/cmd/smimetools/cmsutil.c b/cmd/smimetools/cmsutil.c
index eee9baf67..346fb6b2b 100644
--- a/cmd/smimetools/cmsutil.c
+++ b/cmd/smimetools/cmsutil.c
@@ -1069,9 +1069,9 @@ main(int argc, char **argv)
PRBool batch = PR_FALSE;
#ifdef NISCC_TEST
- const char *ev = PR_GetEnv("NSS_DISABLE_ARENA_FREE_LIST");
+ const char *ev = PR_GetEnvSecure("NSS_DISABLE_ARENA_FREE_LIST");
PORT_Assert(ev);
- ev = PR_GetEnv("NSS_STRICT_SHUTDOWN");
+ ev = PR_GetEnvSecure("NSS_STRICT_SHUTDOWN");
PORT_Assert(ev);
#endif
diff --git a/cmd/strsclnt/strsclnt.c b/cmd/strsclnt/strsclnt.c
index f4825050f..7233249dd 100644
--- a/cmd/strsclnt/strsclnt.c
+++ b/cmd/strsclnt/strsclnt.c
@@ -1448,7 +1448,7 @@ main(int argc, char **argv)
PK11_SetPasswordFunc(SECU_GetModulePassword);
- tmp = PR_GetEnv("NSS_DEBUG_TIMEOUT");
+ tmp = PR_GetEnvSecure("NSS_DEBUG_TIMEOUT");
if (tmp && tmp[0]) {
int sec = PORT_Atoi(tmp);
if (sec > 0) {
diff --git a/cmd/tstclnt/tstclnt.c b/cmd/tstclnt/tstclnt.c
index 4f4c4d9c4..d55e5b8e8 100644
--- a/cmd/tstclnt/tstclnt.c
+++ b/cmd/tstclnt/tstclnt.c
@@ -968,7 +968,7 @@ int main(int argc, char **argv)
progName = strrchr(argv[0], '\\');
progName = progName ? progName+1 : argv[0];
- tmp = PR_GetEnv("NSS_DEBUG_TIMEOUT");
+ tmp = PR_GetEnvSecure("NSS_DEBUG_TIMEOUT");
if (tmp && tmp[0]) {
int sec = PORT_Atoi(tmp);
if (sec > 0) {
diff --git a/external_tests/google_test/gtest/test/gtest_unittest.cc b/external_tests/google_test/gtest/test/gtest_unittest.cc
index 42638ce22..9625fa4e8 100644
--- a/external_tests/google_test/gtest/test/gtest_unittest.cc
+++ b/external_tests/google_test/gtest/test/gtest_unittest.cc
@@ -421,9 +421,9 @@ class FormatEpochTimeInMillisAsIso8601Test : public Test {
virtual void SetUp() {
saved_tz_ = NULL;
- GTEST_DISABLE_MSC_WARNINGS_PUSH_(4996 /* getenv, strdup: deprecated */)
- if (getenv("TZ"))
- saved_tz_ = strdup(getenv("TZ"));
+ GTEST_DISABLE_MSC_WARNINGS_PUSH_(4996 /* PR_GetEnvSecure, strdup: deprecated */)
+ if (PR_GetEnvSecure("TZ"))
+ saved_tz_ = strdup(PR_GetEnvSecure("TZ"));
GTEST_DISABLE_MSC_WARNINGS_POP_()
// Set up the time zone for FormatEpochTimeInMillisAsIso8601 to use. We
diff --git a/external_tests/ssl_gtest/ssl_gtest.cc b/external_tests/ssl_gtest/ssl_gtest.cc
index ee1c40cfd..b99b3d236 100644
--- a/external_tests/ssl_gtest/ssl_gtest.cc
+++ b/external_tests/ssl_gtest/ssl_gtest.cc
@@ -1,4 +1,5 @@
#include "nspr.h"
+#include "prenv.h"
#include "nss.h"
#include "ssl.h"
@@ -16,7 +17,7 @@ int main(int argc, char **argv) {
::testing::InitGoogleTest(&argc, argv);
g_working_dir_path = ".";
- char* workdir = getenv("NSS_GTEST_WORKDIR");
+ char* workdir = PR_GetEnvSecure("NSS_GTEST_WORKDIR");
if (workdir)
g_working_dir_path = workdir;
diff --git a/lib/certdb/certdb.c b/lib/certdb/certdb.c
index 902e0366d..086728963 100644
--- a/lib/certdb/certdb.c
+++ b/lib/certdb/certdb.c
@@ -1344,7 +1344,7 @@ cert_TestHostName(char *cn, const char *hn)
static int useShellExp = -1;
if (useShellExp < 0) {
- useShellExp = (NULL != PR_GetEnv("NSS_USE_SHEXP_IN_CERT_NAME"));
+ useShellExp = (NULL != PR_GetEnvSecure("NSS_USE_SHEXP_IN_CERT_NAME"));
}
if (useShellExp) {
/* Backward compatible code, uses Shell Expressions (SHEXP). */
diff --git a/lib/certhigh/certvfypkix.c b/lib/certhigh/certvfypkix.c
index 7ae10b0c1..d87304bc4 100644
--- a/lib/certhigh/certvfypkix.c
+++ b/lib/certhigh/certvfypkix.c
@@ -1137,7 +1137,7 @@ cert_VerifyCertChainPkix(
fnStackNameArr[0] = "cert_VerifyCertChainPkix";
fnStackInvCountArr[0] = 0;
PKIX_Boolean abortOnLeak =
- (PR_GetEnv("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ?
+ (PR_GetEnvSecure("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ?
PKIX_FALSE
: PKIX_TRUE;
runningLeakTest = PKIX_TRUE;
@@ -2019,7 +2019,7 @@ CERT_PKIXVerifyCert(
fnStackNameArr[0] = "CERT_PKIXVerifyCert";
fnStackInvCountArr[0] = 0;
PKIX_Boolean abortOnLeak =
- (PR_GetEnv("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ?
+ (PR_GetEnvSecure("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ?
PKIX_FALSE
: PKIX_TRUE;
runningLeakTest = PKIX_TRUE;
diff --git a/lib/certhigh/ocsp.c b/lib/certhigh/ocsp.c
index e6c9c219e..fb8721a6f 100644
--- a/lib/certhigh/ocsp.c
+++ b/lib/certhigh/ocsp.c
@@ -159,7 +159,7 @@ wantOcspTrace(void)
#ifdef NSS_HAVE_GETENV
if (firstTime) {
- char *ev = getenv("NSS_TRACE_OCSP");
+ char *ev = PR_GetEnvSecure("NSS_TRACE_OCSP");
if (ev && ev[0]) {
wantTrace = PR_TRUE;
}
diff --git a/lib/freebl/loader.c b/lib/freebl/loader.c
index 9105a6900..12fe56003 100644
--- a/lib/freebl/loader.c
+++ b/lib/freebl/loader.c
@@ -904,7 +904,7 @@ BL_Unload(void)
* never does a handshake on it, BL_Unload will be called even though freebl
* was never loaded. So, don't assert blLib. */
if (blLib) {
- disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+ disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
if (!disableUnload) {
#ifdef DEBUG
PRStatus status = PR_UnloadLibrary(blLib);
diff --git a/lib/freebl/mpi/utils/isprime.c b/lib/freebl/mpi/utils/isprime.c
index 654889916..b43b8eb82 100644
--- a/lib/freebl/mpi/utils/isprime.c
+++ b/lib/freebl/mpi/utils/isprime.c
@@ -38,7 +38,7 @@ int main(int argc, char *argv[])
{
char *tmp;
- if((tmp = getenv("RM_TESTS")) != NULL) {
+ if((tmp = PR_GetEnvSecure("RM_TESTS")) != NULL) {
if((g_tests = atoi(tmp)) <= 0)
g_tests = RM_TESTS;
}
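Review bot: Nothing in this hunk adds a declaration for `PR_GetEnvSecure`, and the diffstat lists only two changed lines for isprime.c, both of them here. Unless a header already included by this file pulls in prenv.h, the call is implicitly declared as returning `int`, which truncates the pointer on LP64 targets or fails to compile on stricter compilers. The same applies to the metime.c and primegen.c hunks that follow, and gtest_unittest.cc gets the rename without an include as well. If these standalone utilities do not link NSPR, either keep `getenv` here (the variables are only test parameters such as RM_TESTS and SEED) or add `#include "prenv.h"` together with the link dependency. main's body continues outside the hunk.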
diff --git a/lib/freebl/mpi/utils/metime.c b/lib/freebl/mpi/utils/metime.c
index de5104304..c2264b756 100644
--- a/lib/freebl/mpi/utils/metime.c
+++ b/lib/freebl/mpi/utils/metime.c
@@ -27,8 +27,8 @@ int main(int argc, char *argv[])
mp_int a, m, c;
- if(getenv("SEED") != NULL)
- seed = abs(atoi(getenv("SEED")));
+ if(PR_GetEnvSecure("SEED") != NULL)
+ seed = abs(atoi(PR_GetEnvSecure("SEED")));
else
seed = (unsigned int)time(NULL);
diff --git a/lib/freebl/mpi/utils/primegen.c b/lib/freebl/mpi/utils/primegen.c
index aac7abaf9..b922a746f 100644
--- a/lib/freebl/mpi/utils/primegen.c
+++ b/lib/freebl/mpi/utils/primegen.c
@@ -46,7 +46,7 @@ int main(int argc, char *argv[])
/* We'll just use the C library's rand() for now, although this
won't be good enough for cryptographic purposes */
- if((out = getenv("SEED")) == NULL) {
+ if((out = PR_GetEnvSecure("SEED")) == NULL) {
srand((unsigned int)time(NULL));
} else {
srand((unsigned int)atoi(out));
diff --git a/lib/freebl/rijndael.c b/lib/freebl/rijndael.c
index 8b3704bed..f6e38f62b 100644
--- a/lib/freebl/rijndael.c
+++ b/lib/freebl/rijndael.c
@@ -7,6 +7,7 @@
#endif
#include "prinit.h"
+#include "prenv.h"
#include "prerr.h"
#include "secerr.h"
@@ -1041,7 +1042,7 @@ aes_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
#ifdef USE_HW_AES
if (has_intel_aes == 0) {
unsigned long eax, ebx, ecx, edx;
- char *disable_hw_aes = getenv("NSS_DISABLE_HW_AES");
+ char *disable_hw_aes = PR_GetEnvSecure("NSS_DISABLE_HW_AES");
if (disable_hw_aes == NULL) {
freebl_cpuid(1, &eax, &ebx, &ecx, &edx);
diff --git a/lib/freebl/stubs.c b/lib/freebl/stubs.c
index 993d01e18..ed2b643d4 100644
--- a/lib/freebl/stubs.c
+++ b/lib/freebl/stubs.c
@@ -138,6 +138,7 @@ STUB_DECLARE(PRStatus,PR_Sleep,(PRIntervalTime ticks));
STUB_DECLARE(PRStatus,PR_Unlock,(PRLock *lock));
STUB_DECLARE(PRStatus,PR_WaitCondVar,(PRCondVar *cvar,
PRIntervalTime timeout));
+STUB_DECLARE(char*,PR_GetEnvSecure,(const char *));
STUB_DECLARE(SECItem *,SECITEM_AllocItem_Util,(PLArenaPool *arena,
@@ -465,6 +466,13 @@ PR_WaitCondVar_stub(PRCondVar *cvar, PRIntervalTime timeout)
return PR_FAILURE;
}
+extern char*
+PR_GetEnvSecure_stub(const char *var)
+{
+ STUB_SAFE_CALL1(PR_GetEnvSecure, var);
+ abort();
+ return NULL;
+}
extern void
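Review bot: `PR_GetEnvSecure_stub` falls through to `abort()` whenever the real symbol was not resolved, so the freebl lookups changed in this commit (NSS_DISABLE_HW_AES in aes_InitContext, NSRANDFILE and HOME in unix_rand.c) would terminate the process if freebl is used without NSPR loaded. Whether those paths are reachable in that mode is not visible here, but they sit in context initialisation and RNG seeding rather than in optional code. A libc fallback in place of `abort(); return NULL;` would keep them working: `return secure_getenv(var);` where the platform provides it, `return getenv(var);` otherwise. This assumes `STUB_SAFE_CALL1`, defined outside the hunk, returns the real function's result when its pointer is set.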
@@ -570,6 +578,7 @@ freebl_InitNSPR(void *lib)
STUB_FETCH_FUNCTION(PR_Unlock);
STUB_FETCH_FUNCTION(PR_Lock);
STUB_FETCH_FUNCTION(PR_DestroyLock);
+ STUB_FETCH_FUNCTION(PR_GetEnvSecure);
return SECSuccess;
}
diff --git a/lib/freebl/stubs.h b/lib/freebl/stubs.h
index 72f30000c..3ba00705d 100644
--- a/lib/freebl/stubs.h
+++ b/lib/freebl/stubs.h
@@ -58,6 +58,7 @@
#define PR_Sleep PR_Sleep_stub
#define PR_Unlock PR_Unlock_stub
#define PR_WaitCondVar PR_WaitCondVar_stub
+#define PR_GetEnvSecure PR_GetEnvSecure_stub
extern int FREEBL_InitStubs(void);
diff --git a/lib/freebl/unix_rand.c b/lib/freebl/unix_rand.c
index 579040eea..c9674ea91 100644
--- a/lib/freebl/unix_rand.c
+++ b/lib/freebl/unix_rand.c
@@ -17,6 +17,7 @@
#include "prerror.h"
#include "prthread.h"
#include "prprf.h"
+#include "prenv.h"
size_t RNG_FileUpdate(const char *fileName, size_t limit);
@@ -888,9 +889,9 @@ void RNG_SystemInfoForRNG(void)
bytes = RNG_FileUpdate("/dev/urandom", SYSTEM_RNG_SEED_COUNT);
/* If the user points us to a random file, pass it through the rng */
- randfile = getenv("NSRANDFILE");
+ randfile = PR_GetEnvSecure("NSRANDFILE");
if ( ( randfile != NULL ) && ( randfile[0] != '\0') ) {
- char *randCountString = getenv("NSRANDCOUNT");
+ char *randCountString = PR_GetEnvSecure("NSRANDCOUNT");
int randCount = randCountString ? atoi(randCountString) : 0;
if (randCount != 0) {
RNG_FileUpdate(randfile, randCount);
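Review bot: `randCount` is produced by `atoi(randCountString)` and handed to `RNG_FileUpdate`, whose `limit` parameter is `size_t` according to the prototype in the previous hunk, so a negative NSRANDCOUNT passes the `!= 0` test and is converted to a very large byte limit. Changing the guard to `if (randCount > 0) {` avoids that. `atoi` also cannot report non-numeric or out-of-range input; `strtol` with an end-pointer and `errno` check would. RNG_SystemInfoForRNG continues outside the hunk, so the handling of the zero case is not visible here.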
@@ -1075,7 +1076,7 @@ int ReadOneFile(int fileToRead)
int i, error = -1;
if (fd == NULL) {
- dir = getenv("HOME");
+ dir = PR_GetEnvSecure("HOME");
if (dir) {
fd = opendir(dir);
}
diff --git a/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c b/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
index 6bd0a3a09..e8698376b 100644
--- a/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
+++ b/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
@@ -765,7 +765,7 @@ pkix_pl_Socket_RegisterSelf(void *plContext)
#ifdef PKIX_SOCKETTRACE
{
char *val = NULL;
- val = PR_GetEnv("SOCKETTRACE");
+ val = PR_GetEnvSecure("SOCKETTRACE");
/* Is SOCKETTRACE set in the environment? */
if ((val != NULL) && (*val != '\0')) {
socketTraceFlag =
diff --git a/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c b/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
index 338eb1c01..70ed25d72 100755
--- a/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
+++ b/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
@@ -135,7 +135,7 @@ PKIX_PL_Initialize(
return PKIX_ALLOC_ERROR();
}
- if (PR_GetEnv("NSS_STRICT_SHUTDOWN")) {
+ if (PR_GetEnvSecure("NSS_STRICT_SHUTDOWN")) {
pkixLog = PR_NewLogModule("pkix");
}
/*
@@ -262,7 +262,7 @@ PKIX_PL_Shutdown(void *plContext)
#ifdef DEBUG
numLeakedObjects = pkix_pl_lifecycle_ObjectLeakCheck(NULL);
- if (PR_GetEnv("NSS_STRICT_SHUTDOWN")) {
+ if (PR_GetEnvSecure("NSS_STRICT_SHUTDOWN")) {
PORT_Assert(numLeakedObjects == 0);
}
#else
diff --git a/lib/nss/nssinit.c b/lib/nss/nssinit.c
index b22f9151e..b73d447d8 100644
--- a/lib/nss/nssinit.c
+++ b/lib/nss/nssinit.c
@@ -691,7 +691,7 @@ nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix,
if (pkixError != NULL) {
goto loser;
} else {
- char *ev = getenv("NSS_ENABLE_PKIX_VERIFY");
+ char *ev = PR_GetEnvSecure("NSS_ENABLE_PKIX_VERIFY");
if (ev && ev[0]) {
CERT_SetUsePKIXForValidation(PR_TRUE);
}
diff --git a/lib/pk11wrap/debug_module.c b/lib/pk11wrap/debug_module.c
index 89ebacca5..bf3eccbf4 100644
--- a/lib/pk11wrap/debug_module.c
+++ b/lib/pk11wrap/debug_module.c
@@ -2685,7 +2685,7 @@ static void print_final_statistics(void)
FILE *outfile = NULL;
int i;
- fname = PR_GetEnv("NSS_OUTPUT_FILE");
+ fname = PR_GetEnvSecure("NSS_OUTPUT_FILE");
if (fname) {
/* need to add an optional process id to the filename */
outfile = fopen(fname,"w+");
diff --git a/lib/pk11wrap/pk11akey.c b/lib/pk11wrap/pk11akey.c
index b0604de3a..63de67d8d 100644
--- a/lib/pk11wrap/pk11akey.c
+++ b/lib/pk11wrap/pk11akey.c
@@ -168,7 +168,7 @@ PK11_ImportPublicKey(PK11SlotInfo *slot, SECKEYPublicKey *pubKey,
PK11_SETATTRS(attrs, CKA_EC_PARAMS,
pubKey->u.ec.DEREncodedParams.data,
pubKey->u.ec.DEREncodedParams.len); attrs++;
- if (PR_GetEnv("NSS_USE_DECODED_CKA_EC_POINT")) {
+ if (PR_GetEnvSecure("NSS_USE_DECODED_CKA_EC_POINT")) {
PK11_SETATTRS(attrs, CKA_EC_POINT,
pubKey->u.ec.publicValue.data,
pubKey->u.ec.publicValue.len); attrs++;
diff --git a/lib/pk11wrap/pk11load.c b/lib/pk11wrap/pk11load.c
index e3ba1226e..5c5d2caeb 100644
--- a/lib/pk11wrap/pk11load.c
+++ b/lib/pk11wrap/pk11load.c
@@ -466,7 +466,7 @@ secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule) {
#ifdef DEBUG_MODULE
if (PR_TRUE) {
- modToDBG = PR_GetEnv("NSS_DEBUG_PKCS11_MODULE");
+ modToDBG = PR_GetEnvSecure("NSS_DEBUG_PKCS11_MODULE");
if (modToDBG && strcmp(mod->commonName, modToDBG) == 0) {
mod->functionList = (void *)nss_InsertDeviceLog(
(CK_FUNCTION_LIST_PTR)mod->functionList);
@@ -558,7 +558,7 @@ fail2:
}
fail:
mod->functionList = NULL;
- disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+ disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
if (library && !disableUnload) {
PR_UnloadLibrary(library);
}
@@ -587,7 +587,7 @@ SECMOD_UnloadModule(SECMODModule *mod) {
if (mod->internal && (mod->dllName == NULL)) {
if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
if (softokenLib) {
- disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+ disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
if (!disableUnload) {
#ifdef DEBUG
PRStatus status = PR_UnloadLibrary(softokenLib);
@@ -609,7 +609,7 @@ SECMOD_UnloadModule(SECMODModule *mod) {
return SECFailure;
}
- disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+ disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
if (!disableUnload) {
PR_UnloadLibrary(library);
}
diff --git a/lib/pk11wrap/pk11pars.c b/lib/pk11wrap/pk11pars.c
index 5585de1df..51160bbda 100644
--- a/lib/pk11wrap/pk11pars.c
+++ b/lib/pk11wrap/pk11pars.c
@@ -1086,7 +1086,7 @@ secmod_configIsDBM(char *configDir)
|| (strncmp(configDir, "extern:", 7) == 0)) {
return PR_FALSE;
}
- env = PR_GetEnv("NSS_DEFAULT_DB_TYPE");
+ env = PR_GetEnvSecure("NSS_DEFAULT_DB_TYPE");
/* implicit dbm open */
if ((env == NULL) || (strcmp(env,"dbm") == 0)) {
return PR_TRUE;
diff --git a/lib/pk11wrap/pk11util.c b/lib/pk11wrap/pk11util.c
index 88f7e0040..712f267f1 100644
--- a/lib/pk11wrap/pk11util.c
+++ b/lib/pk11wrap/pk11util.c
@@ -84,7 +84,7 @@ SECMOD_Shutdown()
nss_DumpModuleLog();
#ifdef DEBUG
- if (PR_GetEnv("NSS_STRICT_SHUTDOWN")) {
+ if (PR_GetEnvSecure("NSS_STRICT_SHUTDOWN")) {
PORT_Assert(secmod_PrivateModuleCount == 0);
}
#endif
diff --git a/lib/softoken/fipstokn.c b/lib/softoken/fipstokn.c
index 3cb6b794d..06335591b 100644
--- a/lib/softoken/fipstokn.c
+++ b/lib/softoken/fipstokn.c
@@ -436,7 +436,7 @@ CK_RV FC_Initialize(CK_VOID_PTR pReserved) {
return CKR_CRYPTOKI_ALREADY_INITIALIZED;
}
- if ((envp = PR_GetEnv("NSS_ENABLE_AUDIT")) != NULL) {
+ if ((envp = PR_GetEnvSecure("NSS_ENABLE_AUDIT")) != NULL) {
sftk_audit_enabled = (atoi(envp) == 1);
}
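Review bot: With `PR_GetEnvSecure`, a process running with elevated privileges gets NULL for NSS_ENABLE_AUDIT, so `sftk_audit_enabled` stays at whatever default it has outside this hunk and auditing can no longer be switched on from the environment in that case. Ignoring the environment is the right call for variables that relax checks, but this one opts in to stricter behaviour, as do NSS_FIPS in getFIPSEnv and NSS_SSL_REQUIRE_SAFE_NEGOTIATION in ssl_SetDefaultsFromEnvironment. A comment at each of these sites would record the trade-off, e.g. `/* NSS_ENABLE_AUDIT is ignored when running setuid/setgid: PR_GetEnvSecure returns NULL */`. FC_Initialize's body continues outside the hunk.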
diff --git a/lib/softoken/legacydb/lgattr.c b/lib/softoken/legacydb/lgattr.c
index 429ef8726..65289b076 100644
--- a/lib/softoken/legacydb/lgattr.c
+++ b/lib/softoken/legacydb/lgattr.c
@@ -571,7 +571,7 @@ lg_FindECPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
key->u.ec.ecParams.DEREncoding.data,
key->u.ec.ecParams.DEREncoding.len);
case CKA_EC_POINT:
- if (getenv("NSS_USE_DECODED_CKA_EC_POINT")) {
+ if (PR_GetEnvSecure("NSS_USE_DECODED_CKA_EC_POINT")) {
return lg_CopyAttributeSigned(attribute, type,
key->u.ec.publicValue.data,
key->u.ec.publicValue.len);
diff --git a/lib/softoken/legacydb/lginit.c b/lib/softoken/legacydb/lginit.c
index b49f3fea6..363e719d8 100644
--- a/lib/softoken/legacydb/lginit.c
+++ b/lib/softoken/legacydb/lginit.c
@@ -168,7 +168,7 @@ DB * rdbopen(const char *appName, const char *prefix,
}
/* couldn't find the entry point, unload the library and fail */
- disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+ disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
if (!disableUnload) {
PR_UnloadLibrary(lib);
}
diff --git a/lib/softoken/lgglue.c b/lib/softoken/lgglue.c
index c7b82bd1d..653501c26 100644
--- a/lib/softoken/lgglue.c
+++ b/lib/softoken/lgglue.c
@@ -418,7 +418,7 @@ sftkdbCall_Shutdown(void)
#endif
crv = (*legacy_glue_shutdown)(parentForkedAfterC_Initialize);
}
- disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+ disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
if (!disableUnload) {
PR_UnloadLibrary(legacy_glue_lib);
}
diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c
index 3c96849f9..ace74961d 100644
--- a/lib/softoken/pkcs11c.c
+++ b/lib/softoken/pkcs11c.c
@@ -36,6 +36,7 @@
#include "secerr.h"
#include "prprf.h"
+#include "prenv.h"
#define __PASTE(x,y) x##y
@@ -4770,7 +4771,7 @@ dhgn_done:
break;
}
- if (getenv("NSS_USE_DECODED_CKA_EC_POINT")) {
+ if (PR_GetEnvSecure("NSS_USE_DECODED_CKA_EC_POINT")) {
crv = sftk_AddAttributeType(publicKey, CKA_EC_POINT,
sftk_item_expand(&ecPriv->publicValue));
} else {
diff --git a/lib/softoken/sdb.c b/lib/softoken/sdb.c
index 16848604c..36bdcc132 100644
--- a/lib/softoken/sdb.c
+++ b/lib/softoken/sdb.c
@@ -235,7 +235,7 @@ sdb_getFallbackTempDir(void)
const char *zDir = NULL;
azDirs[0] = sqlite3_temp_directory;
- azDirs[1] = getenv("TMPDIR");
+ azDirs[1] = PR_GetEnvSecure("TMPDIR");
for (i = 0; i < PR_ARRAY_SIZE(azDirs); i++) {
zDir = azDirs[i];
@@ -1862,7 +1862,7 @@ sdb_init(char *dbname, char *table, sdbDataType type, int *inUpdate,
* the environment variable is primarily to simplify testing, and to
* correct potential corner cases where */
- env = PR_GetEnv("NSS_SDB_USE_CACHE");
+ env = PR_GetEnvSecure("NSS_SDB_USE_CACHE");
if (env && PORT_Strcasecmp(env,"no") == 0) {
enableCache = PR_FALSE;
@@ -2013,7 +2013,7 @@ s_open(const char *directory, const char *certPrefix, const char *keyPrefix,
accessOps = 1;
{
char *env;
- env = PR_GetEnv("NSS_SDB_USE_CACHE");
+ env = PR_GetEnvSecure("NSS_SDB_USE_CACHE");
/* If the environment variable is set to yes or no, sdb_init() will
* ignore the value of accessOps, and we can skip the measuring.*/
if (!env || ((PORT_Strcasecmp(env, "no") != 0) &&
diff --git a/lib/softoken/softoken.h b/lib/softoken/softoken.h
index fbd00b6c7..5935ea24f 100644
--- a/lib/softoken/softoken.h
+++ b/lib/softoken/softoken.h
@@ -152,7 +152,7 @@ extern PRBool sftk_fatalError;
#define FORK_ASSERT() \
{ \
- char* forkAssert = getenv("NSS_STRICT_NOFORK"); \
+ char* forkAssert = PR_GetEnvSecure("NSS_STRICT_NOFORK"); \
if ( (!forkAssert) || (0 == strcmp(forkAssert, "1")) ) { \
PORT_Assert(0); \
} \
@@ -239,7 +239,7 @@ extern PRBool sftkForkCheckDisabled;
#define ENABLE_FORK_CHECK() \
{ \
- char* doForkCheck = getenv("NSS_STRICT_NOFORK"); \
+ char* doForkCheck = PR_GetEnvSecure("NSS_STRICT_NOFORK"); \
if ( doForkCheck && !strcmp(doForkCheck, "DISABLED") ) { \
sftkForkCheckDisabled = PR_TRUE; \
} \
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
index a8e5eb9f9..9f19d6190 100644
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -10165,16 +10165,16 @@ get_fake_cert(SECItem *pCertItem, int *pIndex)
char cfn[100];
pCertItem->data = 0;
- if ((testdir = PR_GetEnv("NISCC_TEST")) == NULL) {
+ if ((testdir = PR_GetEnvSecure("NISCC_TEST")) == NULL) {
return SECSuccess;
}
*pIndex = (NULL != strstr(testdir, "root"));
extension = (strstr(testdir, "simple") ? "" : ".der");
fileNum = PR_ATOMIC_INCREMENT(&connNum) - 1;
- if ((startat = PR_GetEnv("START_AT")) != NULL) {
+ if ((startat = PR_GetEnvSecure("START_AT")) != NULL) {
fileNum += atoi(startat);
}
- if ((stopat = PR_GetEnv("STOP_AT")) != NULL &&
+ if ((stopat = PR_GetEnvSecure("STOP_AT")) != NULL &&
fileNum >= atoi(stopat)) {
*pIndex = -1;
return SECSuccess;
diff --git a/lib/ssl/sslsnce.c b/lib/ssl/sslsnce.c
index f31b2e9c2..acad15dd7 100644
--- a/lib/ssl/sslsnce.c
+++ b/lib/ssl/sslsnce.c
@@ -1528,7 +1528,7 @@ SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char * envString)
ssl_sid_uncache = ServerSessionIDUncache;
if (!envString) {
- envString = getenv(envVarName);
+ envString = PR_GetEnvSecure(envVarName);
if (!envString) {
SET_ERROR_CODE
return SECFailure;
@@ -1747,7 +1747,7 @@ LaunchLockPoller(cacheDesc *cache)
PRThread * pollerThread;
cache->mutexTimeout = SID_LOCK_EXPIRATION_TIMEOUT;
- timeoutString = getenv("NSS_SSL_SERVER_CACHE_MUTEX_TIMEOUT");
+ timeoutString = PR_GetEnvSecure("NSS_SSL_SERVER_CACHE_MUTEX_TIMEOUT");
if (timeoutString) {
long newTime = strtol(timeoutString, 0, 0);
if (newTime == 0)
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
index b29913aaf..6c19e647c 100644
--- a/lib/ssl/sslsock.c
+++ b/lib/ssl/sslsock.c
@@ -3332,7 +3332,7 @@ ssl_SetDefaultsFromEnvironment(void)
char * ev;
firsttime = 0;
#ifdef DEBUG
- ev = getenv("SSLDEBUGFILE");
+ ev = PR_GetEnvSecure("SSLDEBUGFILE");
if (ev && ev[0]) {
ssl_trace_iob = fopen(ev, "w");
}
@@ -3340,19 +3340,19 @@ ssl_SetDefaultsFromEnvironment(void)
ssl_trace_iob = stderr;
}
#ifdef TRACE
- ev = getenv("SSLTRACE");
+ ev = PR_GetEnvSecure("SSLTRACE");
if (ev && ev[0]) {
ssl_trace = atoi(ev);
SSL_TRACE(("SSL: tracing set to %d", ssl_trace));
}
#endif /* TRACE */
- ev = getenv("SSLDEBUG");
+ ev = PR_GetEnvSecure("SSLDEBUG");
if (ev && ev[0]) {
ssl_debug = atoi(ev);
SSL_TRACE(("SSL: debugging set to %d", ssl_debug));
}
#endif /* DEBUG */
- ev = getenv("SSLKEYLOGFILE");
+ ev = PR_GetEnvSecure("SSLKEYLOGFILE");
if (ev && ev[0]) {
ssl_keylog_iob = fopen(ev, "a");
if (!ssl_keylog_iob) {
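Review bot: The SSLKEYLOGFILE branch sits after `#endif /* DEBUG */`, so it is compiled into release builds, and it opens the named path with `fopen(ev, "a")`, which creates the file with umask-governed permissions and follows symlinks. The name `ssl_keylog_iob` suggests TLS key material is written there (the writes are outside this hunk), in which case the log may end up readable by other local users. Creating it with an explicit mode, for instance `open(ev, O_WRONLY | O_APPEND | O_CREAT, 0600)` followed by `fdopen`, or gating the feature behind a build-time switch, would reduce that exposure. ssl_SetDefaultsFromEnvironment starts and ends outside the hunk.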
@@ -3366,21 +3366,21 @@ ssl_SetDefaultsFromEnvironment(void)
}
}
#ifndef NO_PKCS11_BYPASS
- ev = getenv("SSLBYPASS");
+ ev = PR_GetEnvSecure("SSLBYPASS");
if (ev && ev[0]) {
ssl_defaults.bypassPKCS11 = (ev[0] == '1');
SSL_TRACE(("SSL: bypass default set to %d", \
ssl_defaults.bypassPKCS11));
}
#endif /* NO_PKCS11_BYPASS */
- ev = getenv("SSLFORCELOCKS");
+ ev = PR_GetEnvSecure("SSLFORCELOCKS");
if (ev && ev[0] == '1') {
ssl_force_locks = PR_TRUE;
ssl_defaults.noLocks = 0;
strcpy(lockStatus + LOCKSTATUS_OFFSET, "FORCED. ");
SSL_TRACE(("SSL: force_locks set to %d", ssl_force_locks));
}
- ev = getenv("NSS_SSL_ENABLE_RENEGOTIATION");
+ ev = PR_GetEnvSecure("NSS_SSL_ENABLE_RENEGOTIATION");
if (ev) {
if (ev[0] == '1' || LOWER(ev[0]) == 'u')
ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_UNRESTRICTED;
@@ -3393,13 +3393,13 @@ ssl_SetDefaultsFromEnvironment(void)
SSL_TRACE(("SSL: enableRenegotiation set to %d",
ssl_defaults.enableRenegotiation));
}
- ev = getenv("NSS_SSL_REQUIRE_SAFE_NEGOTIATION");
+ ev = PR_GetEnvSecure("NSS_SSL_REQUIRE_SAFE_NEGOTIATION");
if (ev && ev[0] == '1') {
ssl_defaults.requireSafeNegotiation = PR_TRUE;
SSL_TRACE(("SSL: requireSafeNegotiation set to %d",
PR_TRUE));
}
- ev = getenv("NSS_SSL_CBC_RANDOM_IV");
+ ev = PR_GetEnvSecure("NSS_SSL_CBC_RANDOM_IV");
if (ev && ev[0] == '0') {
ssl_defaults.cbcRandomIV = PR_FALSE;
SSL_TRACE(("SSL: cbcRandomIV set to 0"));
diff --git a/lib/sysinit/nsssysinit.c b/lib/sysinit/nsssysinit.c
index 5d139ab86..0cc3a64e6 100644
--- a/lib/sysinit/nsssysinit.c
+++ b/lib/sysinit/nsssysinit.c
@@ -5,6 +5,7 @@
#include "prio.h"
#include "prprf.h"
#include "plhash.h"
+#include "prenv.h"
/*
* The following provides a default example for operating systems to set up
@@ -41,7 +42,7 @@ testdir(char *dir)
static char *
getUserDB(void)
{
- char *userdir = getenv("HOME");
+ char *userdir = PR_GetEnvSecure("HOME");
char *nssdir = NULL;
if (userdir == NULL) {
@@ -133,7 +134,7 @@ userCanModifySystemDB()
static PRBool
getFIPSEnv(void)
{
- char *fipsEnv = getenv("NSS_FIPS");
+ char *fipsEnv = PR_GetEnvSecure("NSS_FIPS");
if (!fipsEnv) {
return PR_FALSE;
}
diff --git a/lib/util/secoid.c b/lib/util/secoid.c
index 71fd24cf3..6f2edb1ae 100644
--- a/lib/util/secoid.c
+++ b/lib/util/secoid.c
@@ -1990,7 +1990,7 @@ SECOID_Init(void)
return SECSuccess; /* already initialized */
}
- if (!PR_GetEnv("NSS_ALLOW_WEAK_SIGNATURE_ALG")) {
+ if (!PR_GetEnvSecure("NSS_ALLOW_WEAK_SIGNATURE_ALG")) {
/* initialize any policy flags that are disabled by default */
xOids[SEC_OID_MD2 ].notPolicyFlags = ~0;
xOids[SEC_OID_MD4 ].notPolicyFlags = ~0;
@@ -2005,7 +2005,7 @@ SECOID_Init(void)
/* turn off NSS_USE_POLICY_IN_SSL by default */
xOids[SEC_OID_APPLY_SSL_POLICY].notPolicyFlags = NSS_USE_POLICY_IN_SSL;
- envVal = PR_GetEnv("NSS_HASH_ALG_SUPPORT");
+ envVal = PR_GetEnvSecure("NSS_HASH_ALG_SUPPORT");
if (envVal)
handleHashAlgSupport(envVal);
diff --git a/lib/util/secport.c b/lib/util/secport.c
index 723d89b35..dcf58934e 100644
--- a/lib/util/secport.c
+++ b/lib/util/secport.c
@@ -321,7 +321,7 @@ PORT_FreeArena(PLArenaPool *arena, PRBool zero)
}
if (!checkedEnv) {
/* no need for thread protection here */
- doFreeArenaPool = (PR_GetEnv("NSS_DISABLE_ARENA_FREE_LIST") == NULL);
+ doFreeArenaPool = (PR_GetEnvSecure("NSS_DISABLE_ARENA_FREE_LIST") == NULL);
checkedEnv = PR_TRUE;
}
if (zero) {
diff --git a/lib/util/utilpars.c b/lib/util/utilpars.c
index 3f293408c..eef3eee7e 100644
--- a/lib/util/utilpars.c
+++ b/lib/util/utilpars.c
@@ -1083,7 +1083,7 @@ _NSSUTIL_EvaluateConfigDir(const char *configdir,
configdir = configdir + sizeof(LEGACY) -1;
} else {
/* look up the default from the environment */
- char *defaultType = PR_GetEnv("NSS_DEFAULT_DB_TYPE");
+ char *defaultType = PR_GetEnvSecure("NSS_DEFAULT_DB_TYPE");
if (defaultType != NULL) {
if (PORT_Strncmp(defaultType, SQLDB, sizeof(SQLDB)-2) == 0) {
dbType = NSS_DB_TYPE_SQL;