common: Use secure_getenv() implementation when setuid

In anything security sensitive, use secure_getenv() implementation for retrieving environment variables.
author: Stef Walter <stefw@redhat.com> 2014-10-02 08:21:28 +0200
committer: Stef Walter <stefw@redhat.com> 2014-10-02 08:24:44 +0200
commit: 960cb9a7db1950ad1414f70b0e3ec240542601ac (patch)
tree: 93ca10157b1119fa72bd56165eb00880a943aecf /common/test-compat.c
parent: c9474683dd3db5ad87227dd3c3734ab31bfc01e9 (diff)
download: p11-kit-960cb9a7db1950ad1414f70b0e3ec240542601ac.tar.gz
1 files changed, 27 insertions, 0 deletions
diff --git a/common/test-compat.c b/common/test-compat.c
index 42471ae..3af33ac 100644
--- a/common/test-compat.c
+++ b/common/test-compat.c
@@ -84,6 +84,32 @@ test_getauxval (void)
 }
 
 static void
+test_secure_getenv (void)
+{
+	const char *args[] = { BUILDDIR "/frob-getenv", "BLAH", NULL };
+	char *path;
+	int ret;
+
+	setenv ("BLAH", "5", 1);
+
+	ret = p11_test_run_child (args, true);
+	assert_num_eq (ret, 5);
+
+	path = p11_test_copy_setgid (args[0]);
+	if (path == NULL)
+		return;
+
+	args[0] = path;
+	ret = p11_test_run_child (args, true);
+	assert_num_cmp (ret, ==, 0);
+
+/*	if (unlink (path) < 0)
+		assert_fail ("unlink failed", strerror (errno));
+		*/
+	free (path);
+}
+
+static void
 test_mmap (void)
 {
 	p11_mmap *map;
@@ -110,6 +136,7 @@ main (int argc,
 	/* Don't run this test when under fakeroot */
 	if (!getenv ("FAKED_MODE")) {
 		p11_test (test_getauxval, "/compat/getauxval");
+		p11_test (test_secure_getenv, "/compat/secure_getenv");
 	}
 	p11_test (test_mmap, "/compat/mmap");
 #endif
author	Stef Walter <stefw@redhat.com>	2014-10-02 08:21:28 +0200
committer	Stef Walter <stefw@redhat.com>	2014-10-02 08:24:44 +0200
commit	960cb9a7db1950ad1414f70b0e3ec240542601ac (patch)
tree	93ca10157b1119fa72bd56165eb00880a943aecf /common/test-compat.c
parent	c9474683dd3db5ad87227dd3c3734ab31bfc01e9 (diff)
download	p11-kit-960cb9a7db1950ad1414f70b0e3ec240542601ac.tar.gz