Use secure_getenv in client and mechglue module

proxymehc.so may be used in setuid binaries so follow best security
practices and use secure_getenv() if available.
Fallback to poorman emulation when secure_getenv() is not available.

Resolves: https://fedorahosted.org/gss-proxy/ticket/110

Reviewed-by: Günther Deschner <gdeschner@redhat.com>

1 files changed, 2 insertions, 2 deletions

diff --git a/proxy/src/mechglue/gss_plugin.c b/proxy/src/mechglue/gss_plugin.c
index 5b40df9..372ab2e 100644
--- a/proxy/src/mechglue/gss_plugin.c
+++ b/proxy/src/mechglue/gss_plugin.c
@@ -64,7 +64,7 @@ enum gpp_behavior gpp_get_behavior(void)
     char *envval;
 
     if (behavior == GPP_UNINITIALIZED) {
-        envval = getenv("GSSPROXY_BEHAVIOR");
+        envval = gp_getenv("GSSPROXY_BEHAVIOR");
         if (envval) {
             if (strcmp(envval, "LOCAL_ONLY") == 0) {
                 behavior = GPP_LOCAL_ONLY;
@@ -102,7 +102,7 @@ gss_OID_set gss_mech_interposer(gss_OID mech_type)
 
     /* avoid looping in the gssproxy daemon by avoiding to interpose
      * any mechanism */
-    envval = getenv("GSS_USE_PROXY");
+    envval = gp_getenv("GSS_USE_PROXY");
     if (!envval) {
         return NULL;
     }