From 88fae6e0441d4195e089434f07d3e7fd811d6297 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 23 Aug 2012 18:47:01 +0200
Subject: shared: in code that might get called from suid programs use
 __secure_getenv() rather than getenv()

It's better to be safe than sorry.
---
 src/core/dbus.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/core/dbus.c')

diff --git a/src/core/dbus.c b/src/core/dbus.c
index 9db172b6e6..1fc714823e 100644
--- a/src/core/dbus.c
+++ b/src/core/dbus.c
@@ -955,12 +955,12 @@ static DBusConnection* manager_bus_connect_private(Manager *m, DBusBusType type)
 
         switch (type) {
         case DBUS_BUS_SYSTEM:
-                address = getenv("DBUS_SYSTEM_BUS_ADDRESS");
+                address = __secure_getenv("DBUS_SYSTEM_BUS_ADDRESS");
                 if (!address || !address[0])
                         address = DBUS_SYSTEM_BUS_DEFAULT_ADDRESS;
                 break;
         case DBUS_BUS_SESSION:
-                address = getenv("DBUS_SESSION_BUS_ADDRESS");
+                address = __secure_getenv("DBUS_SESSION_BUS_ADDRESS");
                 if (!address || !address[0])
                         address = DBUS_SESSION_BUS_DEFAULT_ADDRESS;
                 break;
@@ -1077,7 +1077,7 @@ static int bus_init_private(Manager *m) {
                 const char *e;
                 char *p;
 
-                e = getenv("XDG_RUNTIME_DIR");
+                e = __secure_getenv("XDG_RUNTIME_DIR");
                 if (!e)
                         return 0;
 
-- 
cgit v1.2.3-54-g00ecf