From nobody Mon Mar 27 12:56:31 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PlXrH6Yf1z42FBG; Mon, 27 Mar 2023 12:56:31 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PlXrH677Hz3p59; Mon, 27 Mar 2023 12:56:31 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1679921791; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=pikq2JDsJ00JJiXISSuD9Zt4G2Tlg5M94wD8zNtxWho=; b=SJ5ky5umaiIZQqrarvaiQwl/a+z5UQYv5taQVUUtvofyPdIK1JPz/NAnMRGdsSTugkOXrr wy6oyUGjX0Spm+TJinA3Erk5aEypFGfWeFEpbReF7w7VZBtJ40Rw/SNjgE/rcbAq15ZZ9e wzTPNDXGCO0eTPCqZC1syu8iruh5XJ/tWUJZ2ZtdjkiWg2ktpRO9eNbNlqB45upQ5uhxrl xKHx0veSitJgV4F4XO4SkCMcUkvem62GaT0M5f+OUXR9oj1lY97gU6mKUaVqMDE/XrODuT iQ3dc8KMN4o4t8tfjG6Lp1O3sTARhqQ11jeg7qZ6wdEL+BWIRmMx+Q5BzkZhzA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1679921791; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=pikq2JDsJ00JJiXISSuD9Zt4G2Tlg5M94wD8zNtxWho=; b=edio1rpv34pCR0h6CDsyKjvdy8Saxuxzt7D0YjzdWxafW+aWNT3he/sTTw9chOdO7QSmJ/ zzfQsJQ/YqJIU+MZfyT6LUFcuDWRvLf4GpPUZBSBOJNcc6HG0NJat528VHna+azcs0kSJC sWAeIVAMB7pEl2mSjgaHnyTkooYSV4PfUe1DRw+KlFSrvw04b5sPQZYRVLEeqA06inaeV/ 2T4+Fb8GWzCCNtmtrPMZp+UEzjVlgWnjsHy5M4KHzMgnwXCfRVU749mhbzHFjAaDnkfxnb +KFIlqrWpL7FI8fFNIvvv4I+LJ1nF6ngUE4jFBMpjIg5qSDR7k0G5Slh0sRFrA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1679921791; a=rsa-sha256; cv=none; b=yW7+NMaM5/SoI2J5DcCtw8Tca+UbH6Phjx2TtJM0URJErVRy6og/WpIK+zREvnNI/gzNN8 0f9OIiH3VEzXbQ/peYcMEcZAKsTDUVIRwymh1i5pS6ULSCJr4lgjNuTE/P8nuXK/YBqLIi J6fQ6DX64/5UiSvJfWJauu5Sg3ihxc4cv9qk9Mf4OQWsY+Ru4q3mDwupgk81sFUE2fQ460 Obp6f20J4ApxRt89zK0dzkVURPke46fnkvKUDnoztsob98RVphYsWIXoiheYWpX95jhlGm l4dsPZ0nQgMOM+oDDDSj75GfdMOL4czK1Y8bTnA8HkaZkPWXsUA/1ZMWmdHELg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4PlXrH54wdzN8J; Mon, 27 Mar 2023 12:56:31 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 32RCuVBa007626; Mon, 27 Mar 2023 12:56:31 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 32RCuV1K007625; Mon, 27 Mar 2023 12:56:31 GMT (envelope-from git) Date: Mon, 27 Mar 2023 12:56:31 GMT Message-Id: <202303271256.32RCuV1K007625@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mark Johnston Subject: git: 68ca8363c7a1 - main - libc: Use secure_getenv(3) where appropriate List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 68ca8363c7a19d5351dc2b10568cbf2403e07e33 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=68ca8363c7a19d5351dc2b10568cbf2403e07e33 commit 68ca8363c7a19d5351dc2b10568cbf2403e07e33 Author: Mark Johnston AuthorDate: 2023-03-27 12:55:01 +0000 Commit: Mark Johnston CommitDate: 2023-03-27 12:56:22 +0000 libc: Use secure_getenv(3) where appropriate No functional change intended. Reviewed by: mjg, imp, kib Differential Revision: https://reviews.freebsd.org/D39278 --- lib/libc/db/btree/bt_open.c | 5 ++--- lib/libc/db/hash/hash_page.c | 5 ++--- lib/libc/gen/fstab.c | 8 ++------ lib/libc/gen/glob-compat11.c | 3 +-- lib/libc/gen/glob.c | 3 +-- lib/libc/iconv/citrus_iconv.c | 5 +++-- lib/libc/iconv/citrus_module.c | 4 ++-- lib/libc/locale/setlocale.c | 4 ++-- lib/libc/net/hesiod.c | 10 ++-------- lib/libc/net/rcmd.c | 2 +- lib/libc/nls/msgcat.c | 2 +- lib/libc/posix1e/mac.c | 5 ++--- lib/libc/resolv/res_init.c | 2 +- lib/libc/resolv/res_query.c | 4 +--- lib/libc/stdio/tempnam.c | 2 +- lib/libc/stdio/tmpfile.c | 4 +--- 16 files changed, 25 insertions(+), 43 deletions(-) diff --git a/lib/libc/db/btree/bt_open.c b/lib/libc/db/btree/bt_open.c index ce3b8a1ecf1b..06bbd39f1842 100644 --- a/lib/libc/db/btree/bt_open.c +++ b/lib/libc/db/btree/bt_open.c @@ -391,11 +391,10 @@ tmp(void) { sigset_t set, oset; int fd, len; - char *envtmp = NULL; + char *envtmp; char path[MAXPATHLEN]; - if (issetugid() == 0) - envtmp = getenv("TMPDIR"); + envtmp = secure_getenv("TMPDIR"); len = snprintf(path, sizeof(path), "%s/bt.XXXXXXXXXX", envtmp ? envtmp : "/tmp"); if (len < 0 || len >= (int)sizeof(path)) { diff --git a/lib/libc/db/hash/hash_page.c b/lib/libc/db/hash/hash_page.c index fba854b51f33..afcda6321133 100644 --- a/lib/libc/db/hash/hash_page.c +++ b/lib/libc/db/hash/hash_page.c @@ -855,11 +855,10 @@ open_temp(HTAB *hashp) { sigset_t set, oset; int len; - char *envtmp = NULL; + char *envtmp; char path[MAXPATHLEN]; - if (issetugid() == 0) - envtmp = getenv("TMPDIR"); + envtmp = secure_getenv("TMPDIR"); len = snprintf(path, sizeof(path), "%s/_hash.XXXXXX", envtmp ? envtmp : "/tmp"); if (len < 0 || len >= (int)sizeof(path)) { diff --git a/lib/libc/gen/fstab.c b/lib/libc/gen/fstab.c index 3813202afb15..718373931757 100644 --- a/lib/libc/gen/fstab.c +++ b/lib/libc/gen/fstab.c @@ -259,12 +259,8 @@ setfsent(void) LineNo = 0; return (1); } - if (fsp_set == 0) { - if (issetugid()) - setfstab(NULL); - else - setfstab(getenv("PATH_FSTAB")); - } + if (fsp_set == 0) + setfstab(secure_getenv("PATH_FSTAB")); if ((_fs_fp = fopen(path_fstab, "re")) != NULL) { LineNo = 0; return (1); diff --git a/lib/libc/gen/glob-compat11.c b/lib/libc/gen/glob-compat11.c index 76a4553c922c..26dc9db9ff29 100644 --- a/lib/libc/gen/glob-compat11.c +++ b/lib/libc/gen/glob-compat11.c @@ -422,8 +422,7 @@ globtilde(const Char *pattern, Char *patbuf, size_t patbuf_len, glob11_t *pglob) * we're not running setuid or setgid) and then trying * the password file */ - if (issetugid() != 0 || - (h = getenv("HOME")) == NULL) { + if ((h = secure_getenv("HOME")) == NULL) { if (((h = getlogin()) != NULL && (pwd = getpwnam(h)) != NULL) || (pwd = getpwuid(getuid())) != NULL) diff --git a/lib/libc/gen/glob.c b/lib/libc/gen/glob.c index 2e8bf6310641..43dd77df8119 100644 --- a/lib/libc/gen/glob.c +++ b/lib/libc/gen/glob.c @@ -453,8 +453,7 @@ globtilde(const Char *pattern, Char *patbuf, size_t patbuf_len, glob_t *pglob) * we're not running setuid or setgid) and then trying * the password file */ - if (issetugid() != 0 || - (h = getenv("HOME")) == NULL) { + if ((h = secure_getenv("HOME")) == NULL) { if (((h = getlogin()) != NULL && (pwd = getpwnam(h)) != NULL) || (pwd = getpwuid(getuid())) != NULL) diff --git a/lib/libc/iconv/citrus_iconv.c b/lib/libc/iconv/citrus_iconv.c index 88dfc2deca33..27f88c6a47ab 100644 --- a/lib/libc/iconv/citrus_iconv.c +++ b/lib/libc/iconv/citrus_iconv.c @@ -81,8 +81,9 @@ init_cache(void) _CITRUS_HASH_INIT(&shared_pool, CI_HASH_SIZE); TAILQ_INIT(&shared_unused); shared_max_reuse = -1; - if (!issetugid() && getenv(CI_ENV_MAX_REUSE)) - shared_max_reuse = atoi(getenv(CI_ENV_MAX_REUSE)); + if (secure_getenv(CI_ENV_MAX_REUSE) != NULL) + shared_max_reuse = + atoi(secure_getenv(CI_ENV_MAX_REUSE)); if (shared_max_reuse < 0) shared_max_reuse = CI_INITIAL_MAX_REUSE; isinit = true; diff --git a/lib/libc/iconv/citrus_module.c b/lib/libc/iconv/citrus_module.c index bd173b41bb04..76db1bc7df9c 100644 --- a/lib/libc/iconv/citrus_module.c +++ b/lib/libc/iconv/citrus_module.c @@ -282,8 +282,8 @@ _citrus_load_module(_citrus_module_t *rhandle, const char *encname) int maj, min; if (_pathI18nModule == NULL) { - p = getenv("PATH_I18NMODULE"); - if (p != NULL && !issetugid()) { + p = secure_getenv("PATH_I18NMODULE"); + if (p != NULL) { _pathI18nModule = strdup(p); if (_pathI18nModule == NULL) return (ENOMEM); diff --git a/lib/libc/locale/setlocale.c b/lib/libc/locale/setlocale.c index e0ba66e0e35a..bb60418f3583 100644 --- a/lib/libc/locale/setlocale.c +++ b/lib/libc/locale/setlocale.c @@ -312,9 +312,9 @@ int __detect_path_locale(void) { if (_PathLocale == NULL) { - char *p = getenv("PATH_LOCALE"); + char *p = secure_getenv("PATH_LOCALE"); - if (p != NULL && !issetugid()) { + if (p != NULL) { if (strlen(p) + 1/*"/"*/ + ENCODING_LEN + 1/*"/"*/ + CATEGORY_LEN >= PATH_MAX) return (ENAMETOOLONG); diff --git a/lib/libc/net/hesiod.c b/lib/libc/net/hesiod.c index 0966b6d7ef91..f456e76316a1 100644 --- a/lib/libc/net/hesiod.c +++ b/lib/libc/net/hesiod.c @@ -92,10 +92,7 @@ hesiod_init(context) ctx = malloc(sizeof(struct hesiod_p)); if (ctx) { *context = ctx; - if (!issetugid()) - configname = getenv("HESIOD_CONFIG"); - else - configname = NULL; + configname = secure_getenv("HESIOD_CONFIG"); if (!configname) configname = _PATH_HESIOD_CONF; if (read_config_file(ctx, configname) >= 0) { @@ -103,10 +100,7 @@ hesiod_init(context) * The default rhs can be overridden by an * environment variable. */ - if (!issetugid()) - p = getenv("HES_DOMAIN"); - else - p = NULL; + p = secure_getenv("HES_DOMAIN"); if (p) { if (ctx->rhs) free(ctx->rhs); diff --git a/lib/libc/net/rcmd.c b/lib/libc/net/rcmd.c index e8b4ffd356c4..2a6edd66440c 100644 --- a/lib/libc/net/rcmd.c +++ b/lib/libc/net/rcmd.c @@ -97,7 +97,7 @@ rcmd_af(char **ahost, int rport, const char *locuser, const char *remuser, static char canonnamebuf[MAXDNAME]; /* is it proper here? */ /* call rcmdsh() with specified remote shell if appropriate. */ - if (!issetugid() && (p = getenv("RSH"))) { + if ((p = secure_getenv("RSH")) != NULL) { struct servent *sp = getservbyname("shell", "tcp"); if (sp && sp->s_port == rport) diff --git a/lib/libc/nls/msgcat.c b/lib/libc/nls/msgcat.c index f27bf7918b88..7f687258e5c3 100644 --- a/lib/libc/nls/msgcat.c +++ b/lib/libc/nls/msgcat.c @@ -196,7 +196,7 @@ __catopen_l(const char *name, int type, locale_t locale) pcode = cptr; } - if ((nlspath = getenv("NLSPATH")) == NULL || issetugid()) + if ((nlspath = secure_getenv("NLSPATH")) == NULL) nlspath = _DEFAULT_NLS_PATH; if ((base = cptr = strdup(nlspath)) == NULL) { diff --git a/lib/libc/posix1e/mac.c b/lib/libc/posix1e/mac.c index a8e0abe7afff..7747b62b7c72 100644 --- a/lib/libc/posix1e/mac.c +++ b/lib/libc/posix1e/mac.c @@ -177,9 +177,8 @@ mac_init_internal(int ignore_errors) LIST_INIT(&label_default_head); - if (!issetugid() && getenv("MAC_CONFFILE") != NULL) - filename = getenv("MAC_CONFFILE"); - else + filename = secure_getenv("MAC_CONFFILE"); + if (filename == NULL) filename = MAC_CONFFILE; file = fopen(filename, "re"); if (file == NULL) diff --git a/lib/libc/resolv/res_init.c b/lib/libc/resolv/res_init.c index 274ffbf999d6..40d3373e813d 100644 --- a/lib/libc/resolv/res_init.c +++ b/lib/libc/resolv/res_init.c @@ -277,7 +277,7 @@ __res_vinit(res_state statp, int preinit) { #endif /* SOLARIS2 */ /* Allow user to override the local domain definition */ - if (issetugid() == 0 && (cp = getenv("LOCALDOMAIN")) != NULL) { + if ((cp = secure_getenv("LOCALDOMAIN")) != NULL) { (void)strncpy(statp->defdname, cp, sizeof(statp->defdname) - 1); statp->defdname[sizeof(statp->defdname) - 1] = '\0'; haveenv++; diff --git a/lib/libc/resolv/res_query.c b/lib/libc/resolv/res_query.c index 8270e26ecdfb..10ac46ced8af 100644 --- a/lib/libc/resolv/res_query.c +++ b/lib/libc/resolv/res_query.c @@ -457,9 +457,7 @@ res_hostalias(const res_state statp, const char *name, char *dst, size_t siz) { if (statp->options & RES_NOALIASES) return (NULL); - if (issetugid()) - return (NULL); - file = getenv("HOSTALIASES"); + file = secure_getenv("HOSTALIASES"); if (file == NULL || (fp = fopen(file, "re")) == NULL) return (NULL); setbuf(fp, NULL); diff --git a/lib/libc/stdio/tempnam.c b/lib/libc/stdio/tempnam.c index 2d7bd90e08a4..4a720fd4c1cb 100644 --- a/lib/libc/stdio/tempnam.c +++ b/lib/libc/stdio/tempnam.c @@ -60,7 +60,7 @@ tempnam(const char *dir, const char *pfx) if (!pfx) pfx = "tmp."; - if (issetugid() == 0 && (f = getenv("TMPDIR"))) { + if ((f = secure_getenv("TMPDIR")) != NULL) { (void)snprintf(name, MAXPATHLEN, "%s%s%sXXXXXX", f, *(f + strlen(f) - 1) == '/'? "": "/", pfx); if ((f = _mktemp(name))) diff --git a/lib/libc/stdio/tmpfile.c b/lib/libc/stdio/tmpfile.c index e5ee1be2884e..aedaab6e1262 100644 --- a/lib/libc/stdio/tmpfile.c +++ b/lib/libc/stdio/tmpfile.c @@ -60,9 +60,7 @@ tmpfile(void) char *buf; const char *tmpdir; - tmpdir = NULL; - if (issetugid() == 0) - tmpdir = getenv("TMPDIR"); + tmpdir = secure_getenv("TMPDIR"); if (tmpdir == NULL) tmpdir = _PATH_TMP;