summaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/Makefile5
-rw-r--r--lib/env.c73
-rw-r--r--lib/env.h2
-rw-r--r--lib/err.c6
-rw-r--r--lib/nls.h33
-rw-r--r--lib/setproctitle.c16
6 files changed, 120 insertions, 15 deletions
diff --git a/lib/Makefile b/lib/Makefile
index 5503a6059..a9f8596d1 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -1,13 +1,16 @@
+include ../make_include
include ../MCONFIG
CFLAGS=-I$(LIB) $(OPT)
-all: err.o my_reboot.o setproctitle.o
+all: err.o my_reboot.o setproctitle.o env.o
err.o: err.c
my_reboot.o: my_reboot.c linux_reboot.h
+env.o: env.h
+
setproctitle.o: setproctitle.h
.PHONY: clean
diff --git a/lib/env.c b/lib/env.c
new file mode 100644
index 000000000..69c821c2d
--- /dev/null
+++ b/lib/env.c
@@ -0,0 +1,73 @@
+/*
+ * Security checks of enviroment
+ * Added from shadow-utils package
+ * by Arkadiusz Mi¶kiewicz <misiek@misiek.eu.org>
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "env.h"
+
+extern char **environ;
+
+static char * const forbid[] = {
+ "_RLD_=",
+ "BASH_ENV=", /* GNU creeping featurism strikes again... */
+ "ENV=",
+ "HOME=",
+ "IFS=",
+ "KRB_CONF=",
+ "LD_", /* anything with the LD_ prefix */
+ "LIBPATH=",
+ "MAIL=",
+ "NLSPATH=",
+ "PATH=",
+ "SHELL=",
+ "SHLIB_PATH=",
+ (char *) 0
+};
+
+/* these are allowed, but with no slashes inside
+ (to work around security problems in GNU gettext) */
+static char * const noslash[] = {
+ "LANG=",
+ "LANGUAGE=",
+ "LC_", /* anything with the LC_ prefix */
+ (char *) 0
+};
+
+void
+sanitize_env(void)
+{
+ char **envp = environ;
+ char * const *bad;
+ char **cur;
+ char **move;
+
+ for (cur = envp; *cur; cur++) {
+ for (bad = forbid; *bad; bad++) {
+ if (strncmp(*cur, *bad, strlen(*bad)) == 0) {
+ for (move = cur; *move; move++)
+ *move = *(move + 1);
+ cur--;
+ break;
+ }
+ }
+ }
+
+ for (cur = envp; *cur; cur++) {
+ for (bad = noslash; *bad; bad++) {
+ if (strncmp(*cur, *bad, strlen(*bad)) != 0)
+ continue;
+ if (!strchr(*cur, '/'))
+ continue; /* OK */
+ for (move = cur; *move; move++)
+ *move = *(move + 1);
+ cur--;
+ break;
+ }
+ }
+}
+
diff --git a/lib/env.h b/lib/env.h
new file mode 100644
index 000000000..d69b4f295
--- /dev/null
+++ b/lib/env.h
@@ -0,0 +1,2 @@
+extern void sanitize_env (void);
+
diff --git a/lib/err.c b/lib/err.c
index 2731a714f..d53192240 100644
--- a/lib/err.c
+++ b/lib/err.c
@@ -43,9 +43,11 @@
#include <varargs.h>
#endif
+#include "../defines.h"
+#ifdef HAVE_progname
extern char *__progname; /* Program name, from crt0. */
-#ifdef __linux__
-char *__progname;
+#else
+char *__progname = "foo"; /* probably libc4 */
#endif
__dead void
diff --git a/lib/nls.h b/lib/nls.h
new file mode 100644
index 000000000..67b42a999
--- /dev/null
+++ b/lib/nls.h
@@ -0,0 +1,33 @@
+
+#include "../defines.h" /* for HAVE_locale_h */
+
+#ifndef PACKAGE
+#define PACKAGE "util-linux"
+#endif
+
+#ifndef LOCALEDIR
+#define LOCALEDIR "/usr/share/locale"
+#endif
+
+#ifdef HAVE_locale_h
+# include <locale.h>
+#endif
+
+#ifdef ENABLE_NLS
+# include <libintl.h>
+# define _(Text) gettext (Text)
+# ifdef gettext_noop
+# define N_(String) gettext_noop (String)
+# else
+# define N_(String) (String)
+# endif
+#else
+# undef bindtextdomain
+# define bindtextdomain(Domain, Directory) /* empty */
+# undef textdomain
+# define textdomain(Domain) /* empty */
+# define _(Text) (Text)
+# define N_(Text) (Text)
+#endif
+
+
diff --git a/lib/setproctitle.c b/lib/setproctitle.c
index bff1362da..319bc6a9f 100644
--- a/lib/setproctitle.c
+++ b/lib/setproctitle.c
@@ -20,10 +20,6 @@
#include <stdarg.h>
#include "setproctitle.h"
-#ifndef SPT_PADCHAR
-#define SPT_PADCHAR ' '
-#endif
-
#ifndef SPT_BUFSIZE
#define SPT_BUFSIZE 2048
#endif
@@ -65,7 +61,6 @@ initproctitle (int argc, char **argv) {
/* Nice code, but many places do not know about vsnprintf ... */
void
setproctitle (const char *fmt,...) {
- char *p;
int i;
char buf[SPT_BUFSIZE];
va_list ap;
@@ -82,16 +77,14 @@ setproctitle (const char *fmt,...) {
i = argv_lth - 2;
buf[i] = '\0';
}
+ memset(argv0[0], '\0', argv_lth); /* clear the memory area */
(void) strcpy (argv0[0], buf);
- p = &argv0[0][i];
- while (i < argv_lth)
- *p++ = SPT_PADCHAR, i++;
+
argv0[1] = NULL;
}
#else
void
setproctitle (const char *prog, const char *txt) {
- char *p;
int i;
char buf[SPT_BUFSIZE];
@@ -108,10 +101,9 @@ setproctitle (const char *prog, const char *txt) {
i = argv_lth - 2;
buf[i] = '\0';
}
+ memset(argv0[0], '\0', argv_lth); /* clear the memory area */
(void) strcpy (argv0[0], buf);
- p = &argv0[0][i];
- while (i < argv_lth)
- *p++ = SPT_PADCHAR, i++;
+
argv0[1] = NULL;
}
#endif