From 7dfad1ab0b25cc99d58e1d2f5d41a9a5d392eaa9 Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@twosigma.com>
Date: Mon, 17 Apr 2017 16:43:32 -0500
Subject: [PATCH] Use secure_getenv() instead of issuid()

---
 lib/gssapi/ntlm/init_sec_context.c     |  5 +----
 lib/gssapi/ntlm/kdc.c                  | 16 ++++++----------
 lib/gssapi/spnego/accept_sec_context.c |  4 ++--
 lib/hcrypto/evp-pkcs11.c               | 16 +++++++---------
 lib/hcrypto/rand.c                     | 12 +++++-------
 lib/hx509/softp11.c                    | 14 ++++++--------
 lib/kafs/afssys.c                      |  5 ++---
 lib/krb5/cache.c                       | 21 ++++++++-------------
 lib/krb5/config_file.c                 |  4 +---
 lib/krb5/context.c                     |  7 +++----
 lib/krb5/expand_path.c                 |  3 +--
 lib/krb5/keytab.c                      |  3 +--
 lib/roken/write_pid.c                  |  3 +--
 13 files changed, 44 insertions(+), 69 deletions(-)

diff --git a/lib/gssapi/ntlm/init_sec_context.c b/lib/gssapi/ntlm/init_sec_context.c
index 5499a1b81..27530328f 100644
--- a/lib/gssapi/ntlm/init_sec_context.c
+++ b/lib/gssapi/ntlm/init_sec_context.c
@@ -90,12 +90,9 @@ get_user_file(const ntlm_name target_name,
 
     *domainp = NULL;
 
-    if (issuid())
-	return ENOENT;
-
     domain = target_name != NULL ? target_name->domain : NULL;
 
-    fn = getenv("NTLM_USER_FILE");
+    fn = secure_getenv("NTLM_USER_FILE");
     if (fn == NULL)
 	return ENOENT;
     if (from_file(fn, domain, domainp, usernamep, key) == 0)
diff --git a/lib/gssapi/ntlm/kdc.c b/lib/gssapi/ntlm/kdc.c
index 06d738206..e5c25596a 100644
--- a/lib/gssapi/ntlm/kdc.c
+++ b/lib/gssapi/ntlm/kdc.c
@@ -64,19 +64,15 @@ get_ccache(krb5_context context, int *destroy, krb5_ccache *id)
     krb5_principal principal = NULL;
     krb5_error_code ret;
     krb5_keytab kt = NULL;
+    const char *cache = secure_getenv("NTLM_ACCEPTOR_CCACHE");
 
     *id = NULL;
 
-    if (!issuid()) {
-	const char *cache;
-
-	cache = getenv("NTLM_ACCEPTOR_CCACHE");
-	if (cache) {
-	    ret = krb5_cc_resolve(context, cache, id);
-	    if (ret)
-		goto out;
-	    return 0;
-	}
+    if (cache) {
+        ret = krb5_cc_resolve(context, cache, id);
+        if (ret)
+            goto out;
+        return 0;
     }
 
     ret = krb5_sname_to_principal(context, NULL, "host",
diff --git a/lib/gssapi/spnego/accept_sec_context.c b/lib/gssapi/spnego/accept_sec_context.c
index 48b786c29..693d90cbc 100644
--- a/lib/gssapi/spnego/accept_sec_context.c
+++ b/lib/gssapi/spnego/accept_sec_context.c
@@ -368,8 +368,8 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
 	gss_buffer_desc namebuf;
 	char *str = NULL, *host, hostname[MAXHOSTNAMELEN];
 
-	host = getenv("GSSAPI_SPNEGO_NAME");
-	if (host == NULL || issuid()) {
+	host = secure_getenv("GSSAPI_SPNEGO_NAME");
+	if (host == NULL) {
 	    int rv;
 	    if (gethostname(hostname, sizeof(hostname)) != 0) {
 		*minor_status = errno;
diff --git a/lib/hcrypto/evp-pkcs11.c b/lib/hcrypto/evp-pkcs11.c
index 93af9b456..3bfec76b6 100644
--- a/lib/hcrypto/evp-pkcs11.c
+++ b/lib/hcrypto/evp-pkcs11.c
@@ -101,16 +101,14 @@ p11_module_init_once(void *context)
     CK_RV rv;
     CK_FUNCTION_LIST_PTR module;
     CK_RV (*C_GetFunctionList_fn)(CK_FUNCTION_LIST_PTR_PTR);
+    char *pkcs11ModulePath = secure_getenv("PKCS11_MODULE_PATH");
 
-    if (!issuid()) {
-        char *pkcs11ModulePath = getenv("PKCS11_MODULE_PATH");
-        if (pkcs11ModulePath != NULL) {
-	    pkcs11_module_handle =
-		dlopen(pkcs11ModulePath,
-		       RTLD_LAZY | RTLD_LOCAL | RTLD_GROUP | RTLD_NODELETE);
-	    if (pkcs11_module_handle == NULL)
-                fprintf(stderr, "p11_module_init(%s): %s\n", pkcs11ModulePath, dlerror());
-        }
+    if (pkcs11ModulePath != NULL) {
+        pkcs11_module_handle =
+            dlopen(pkcs11ModulePath,
+                   RTLD_LAZY | RTLD_LOCAL | RTLD_GROUP | RTLD_NODELETE);
+        if (pkcs11_module_handle == NULL)
+            fprintf(stderr, "p11_module_init(%s): %s\n", pkcs11ModulePath, dlerror());
     }
 #ifdef PKCS11_MODULE_PATH
     if (pkcs11_module_handle == NULL) {
diff --git a/lib/hcrypto/rand.c b/lib/hcrypto/rand.c
index 98432e75e..893d5c6ac 100644
--- a/lib/hcrypto/rand.c
+++ b/lib/hcrypto/rand.c
@@ -350,13 +350,11 @@ RAND_file_name(char *filename, size_t size)
     const char *e = NULL;
     int pathp = 0, ret;
 
-    if (!issuid()) {
-	e = getenv("RANDFILE");
-	if (e == NULL)
-	    e = getenv("HOME");
-	if (e)
-	    pathp = 1;
-    }
+    e = secure_getenv("RANDFILE");
+    if (e == NULL)
+        e = secure_getenv("HOME");
+    if (e)
+        pathp = 1;
 
 #ifndef _WIN32
     /*
diff --git a/lib/hx509/softp11.c b/lib/hx509/softp11.c
index f93863b7c..b7a989b12 100644
--- a/lib/hx509/softp11.c
+++ b/lib/hx509/softp11.c
@@ -818,18 +818,16 @@ func_not_supported(void)
 static char *
 get_config_file_for_user(void)
 {
-    char *fn = NULL;
+    char *fn;
 
 #ifndef _WIN32
-    char *home = NULL;
+    char *home;
     int ret;
 
-    if (!issuid()) {
-        fn = getenv("SOFTPKCS11RC");
-        if (fn)
-            fn = strdup(fn);
-        home = getenv("HOME");
-    }
+    fn = secure_getenv("SOFTPKCS11RC");
+    if (fn)
+        fn = strdup(fn);
+    home = secure_getenv("HOME");
     if (fn == NULL && home == NULL) {
         struct passwd *pw = getpwuid(getuid());
         if(pw != NULL)
diff --git a/lib/kafs/afssys.c b/lib/kafs/afssys.c
index fe37c346b..ae33ff182 100644
--- a/lib/kafs/afssys.c
+++ b/lib/kafs/afssys.c
@@ -134,7 +134,7 @@ try_aix(void)
     /*
      * If we are root or running setuid don't trust AFSLIBPATH!
      */
-    if (getuid() != 0 && !issuid() && (p = getenv("AFSLIBPATH")) != NULL)
+    if (getuid() != 0 && (p = secure_getenv("AFSLIBPATH")) != NULL)
 	strlcpy(path, p, sizeof(path));
     else
 	snprintf(path, sizeof(path), "%s/afslib.so", LIBDIR);
@@ -464,8 +464,7 @@ k_hasafs(void)
     int saved_errno, ret;
     char *env = NULL;
 
-    if (!issuid())
-	env = getenv ("AFS_SYSCALL");
+    env = secure_getenv("AFS_SYSCALL");
 
     /*
      * Already checked presence of AFS syscalls?
diff --git a/lib/krb5/cache.c b/lib/krb5/cache.c
index c43cd0ab7..82feb4360 100644
--- a/lib/krb5/cache.c
+++ b/lib/krb5/cache.c
@@ -443,10 +443,7 @@ environment_changed(krb5_context context)
 	 strncmp(context->default_cc_name, "API:", 4) == 0))
 	return 1;
 
-    if(issuid())
-	return 0;
-
-    e = getenv("KRB5CCNAME");
+    e = secure_getenv("KRB5CCNAME");
     if (e == NULL) {
 	if (context->default_cc_name_env) {
 	    free(context->default_cc_name_env);
@@ -518,15 +515,13 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
     if (name == NULL) {
 	const char *e = NULL;
 
-	if (!issuid()) {
-	    e = getenv("KRB5CCNAME");
-	    if (e) {
-		p = strdup(e);
-		if (context->default_cc_name_env)
-		    free(context->default_cc_name_env);
-		context->default_cc_name_env = strdup(e);
-	    }
-	}
+        e = secure_getenv("KRB5CCNAME");
+        if (e) {
+            p = strdup(e);
+            if (context->default_cc_name_env)
+                free(context->default_cc_name_env);
+            context->default_cc_name_env = strdup(e);
+        }
 
 #ifdef _WIN32
 	if (p == NULL) {
diff --git a/lib/krb5/config_file.c b/lib/krb5/config_file.c
index 86e9ad5d6..cccfc90a0 100644
--- a/lib/krb5/config_file.c
+++ b/lib/krb5/config_file.c
@@ -577,9 +577,7 @@ krb5_config_parse_file_multi (krb5_context context,
 	    return EPERM;
 	}
 
-	if(!issuid())
-	    home = getenv("HOME");
-
+        home = secure_getenv("HOME");
 	if (home == NULL) {
 	    struct passwd *pw = getpwuid(getuid());
 	    if(pw != NULL)
diff --git a/lib/krb5/context.c b/lib/krb5/context.c
index 5660f7f36..ac55408e8 100644
--- a/lib/krb5/context.c
+++ b/lib/krb5/context.c
@@ -254,8 +254,8 @@ init_context_from_config_file(krb5_context context)
 
     tmp = krb5_config_get_string(context, NULL, "libdefaults",
 				 "check-rd-req-server", NULL);
-    if (tmp == NULL && !issuid())
-	tmp = getenv("KRB5_CHECK_RD_REQ_SERVER");
+    if (tmp == NULL)
+	tmp = secure_getenv("KRB5_CHECK_RD_REQ_SERVER");
     if(tmp) {
 	if (strcasecmp(tmp, "ignore") == 0)
 	    context->flags |= KRB5_CTX_F_RD_REQ_IGNORE;
@@ -864,8 +864,7 @@ krb5_get_default_config_files(char ***pfilenames)
 
     if (pfilenames == NULL)
         return EINVAL;
-    if(!issuid())
-	files = getenv("KRB5_CONFIG");
+    files = secure_getenv("KRB5_CONFIG");
 
 #ifdef _WIN32
     if (files == NULL) {
diff --git a/lib/krb5/expand_path.c b/lib/krb5/expand_path.c
index 43b8dfeb3..c6885b121 100644
--- a/lib/krb5/expand_path.c
+++ b/lib/krb5/expand_path.c
@@ -279,8 +279,7 @@ _expand_temp_folder(krb5_context context, PTYPE param, const char *postfix, char
 {
     const char *p = NULL;
 
-    if (!issuid())
-	p = getenv("TEMP");
+    p = secure_getenv("TEMP");
 
     if (p)
 	*ret = strdup(p);
diff --git a/lib/krb5/keytab.c b/lib/krb5/keytab.c
index ca37e292a..21334b1ea 100644
--- a/lib/krb5/keytab.c
+++ b/lib/krb5/keytab.c
@@ -250,8 +250,7 @@ static const char *default_ktname(krb5_context context)
 {
     const char *tmp = NULL;
 
-    if(!issuid())
-	tmp = getenv("KRB5_KTNAME");
+    tmp = secure_getenv("KRB5_KTNAME");
     if(tmp != NULL)
 	return tmp;
     return context->default_keytab;
diff --git a/lib/roken/write_pid.c b/lib/roken/write_pid.c
index 25ee686c3..cf5299b64 100644
--- a/lib/roken/write_pid.c
+++ b/lib/roken/write_pid.c
@@ -53,8 +53,7 @@ pid_file_write(const char *progname)
      *
      * For now we use an environment variable.
      */
-    if (!issuid())
-        pidfile_dir = getenv("HEIM_PIDFILE_DIR");
+    pidfile_dir = secure_getenv("HEIM_PIDFILE_DIR");
     if (pidfile_dir == NULL)
         pidfile_dir = _PATH_VARRUN;