From 30ce3354ed3300721ddf8de069b0647b55e718e6 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Wed, 20 Nov 2013 11:58:22 -0500
Subject: Use secure_getenv in client and mechglue module

proxymehc.so may be used in setuid binaries so follow best security
practices and use secure_getenv() if available.
Fallback to poorman emulation when secure_getenv() is not available.

Resolves: https://fedorahosted.org/gss-proxy/ticket/110
---
 proxy/src/mechglue/gss_plugin.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'proxy/src/mechglue/gss_plugin.c')

diff --git a/proxy/src/mechglue/gss_plugin.c b/proxy/src/mechglue/gss_plugin.c
index 0e62990..9a06d10 100644
--- a/proxy/src/mechglue/gss_plugin.c
+++ b/proxy/src/mechglue/gss_plugin.c
@@ -64,7 +64,7 @@ enum gpp_behavior gpp_get_behavior(void)
     char *envval;
 
     if (behavior == GPP_UNINITIALIZED) {
-        envval = getenv("GSSPROXY_BEHAVIOR");
+        envval = gp_getenv("GSSPROXY_BEHAVIOR");
         if (envval) {
             if (strcmp(envval, "LOCAL_ONLY") == 0) {
                 behavior = GPP_LOCAL_ONLY;
@@ -102,7 +102,7 @@ gss_OID_set gss_mech_interposer(gss_OID mech_type)
 
     /* avoid looping in the gssproxy daemon by avoiding to interpose
      * any mechanism */
-    envval = getenv("GSS_USE_PROXY");
+    envval = gp_getenv("GSS_USE_PROXY");
     if (!envval) {
         return NULL;
     }
-- 
cgit