From cf4efe8de689927b1e4edaeeec3772cbe2d5a234 Mon Sep 17 00:00:00 2001 From: Nicolas Williams Date: Mon, 17 Apr 2017 16:43:29 -0500 Subject: [PATCH] Add secure_getenv.c --- cf/roken-frag.m4 | 1 + lib/roken/Makefile.am | 2 ++ lib/roken/NTMakefile | 1 + lib/roken/roken.h.in | 8 ++++++ lib/roken/secure_getenv.c | 47 ++++++++++++++++++++++++++++++++++++ lib/roken/secure_getenv.h | 42 ++++++++++++++++++++++++++++++++ lib/roken/test-auxval.c | 23 ++++++++++++++++++ lib/roken/version-script.map | 1 + 8 files changed, 125 insertions(+) create mode 100644 lib/roken/secure_getenv.c create mode 100644 lib/roken/secure_getenv.h diff --git a/cf/roken-frag.m4 b/cf/roken-frag.m4 index 3dd73b564..f2ab8846d 100644 --- a/cf/roken-frag.m4 +++ b/cf/roken-frag.m4 @@ -195,6 +195,7 @@ AC_CHECK_FUNCS([ \ on_exit \ poll \ random \ + secure_getenv \ setprogname \ strsvis \ strsvisx \ diff --git a/lib/roken/Makefile.am b/lib/roken/Makefile.am index bf1483f99..92b890324 100644 --- a/lib/roken/Makefile.am +++ b/lib/roken/Makefile.am @@ -118,6 +118,8 @@ libroken_la_SOURCES = \ roken_gethostby.c \ rtbl.c \ rtbl.h \ + secure_getenv.c \ + secure_getenv.h \ setprogname.c \ signal.c \ simple_exec.c \ diff --git a/lib/roken/NTMakefile b/lib/roken/NTMakefile index fa3a9f709..a14a7ee51 100644 --- a/lib/roken/NTMakefile +++ b/lib/roken/NTMakefile @@ -86,6 +86,7 @@ libroken_la_OBJS = \ $(OBJ)\rand.obj \ $(OBJ)\roken_gethostby.obj \ $(OBJ)\rtbl.obj \ + $(OBJ)\secure_getenv.obj \ $(OBJ)\sendmsg.obj \ $(OBJ)\setenv.obj \ $(OBJ)\setprogname.obj \ diff --git a/lib/roken/roken.h.in b/lib/roken/roken.h.in index 9391fa622..c18d85fa0 100644 --- a/lib/roken/roken.h.in +++ b/lib/roken/roken.h.in @@ -833,6 +833,14 @@ ROKEN_LIB_FUNCTION unsigned long ROKEN_LIB_CALL ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL issuid(void); +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL + rk_secure_getenv(const char *); + +#ifndef HAVE_SECURE_GETENV +#undef secure_getenv +#define secure_getenv(e) rk_secure_getenv(e) +#endif + #ifndef HAVE_STRUCT_WINSIZE struct winsize { unsigned short ws_row, ws_col; diff --git a/lib/roken/secure_getenv.c b/lib/roken/secure_getenv.c new file mode 100644 index 000000000..d97d03dcd --- /dev/null +++ b/lib/roken/secure_getenv.c @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2017 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +#include + +#include "roken.h" +#include "secure_getenv.h" + +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL +rk_secure_getenv(const char *name) +{ + if (issuid()) + return NULL; + return getenv(name); +} diff --git a/lib/roken/secure_getenv.h b/lib/roken/secure_getenv.h new file mode 100644 index 000000000..a3f536320 --- /dev/null +++ b/lib/roken/secure_getenv.h @@ -0,0 +1,42 @@ +/* + * Copyright (c) 2017 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL + rk_secure_getenv(const char *); + +#ifndef HAVE_SECURE_GETENV +#undef secure_getenv +#define secure_getenv(e) rk_secure_getenv(e) +#endif diff --git a/lib/roken/test-auxval.c b/lib/roken/test-auxval.c index 27276595b..88320b4d8 100644 --- a/lib/roken/test-auxval.c +++ b/lib/roken/test-auxval.c @@ -43,6 +43,27 @@ #include "roken.h" #include "getauxval.h" +static void +check_secure_getenv(char **env) +{ + size_t i; + char *v; + + for (i = 0; environ[i] != NULL; i++) { + if (strchr(environ[i], '=') == NULL) + continue; + if ((v = strdup(env[i])) == NULL) + err(1, "could not allocate copy of %s", env[i]); + *strchr(v, '=') = '\0'; + if (issuid() && rk_secure_getenv(v) != NULL) + err(1, "rk_secure_getenv() returned non-NULL when issuid()!"); + if (!issuid() && rk_secure_getenv(v) == NULL) + err(1, "rk_secure_getenv() returned NULL when !issuid()"); + free(v); + return; + } +} + static void inject_suid(int suid) { @@ -188,9 +209,11 @@ main(int argc, char **argv, char **env) errx(1, "rk_getauxv((max_type_seen = %lu) + 1) did not set " "errno = ENOENT!", max_t); + check_secure_getenv(env); inject_suid(!am_suid); if ((am_suid && issuid()) || (!am_suid && !issuid())) errx(1, "rk_injectprocauxv() failed"); + check_secure_getenv(env); return 0; } diff --git a/lib/roken/version-script.map b/lib/roken/version-script.map index d67224c53..4cb011118 100644 --- a/lib/roken/version-script.map +++ b/lib/roken/version-script.map @@ -95,6 +95,7 @@ HEIMDAL_ROKEN_1.0 { rk_read_environment; rk_readv; rk_realloc; + rk_secure_getenv; rk_strerror; rk_strerror_r; rk_setprogname;