--- a/cmd/httpserv/httpserv.c
+++ b/cmd/httpserv/httpserv.c
@@ -1263,21 +1263,21 @@ main(int argc, char **argv)
FILE *tmpfile=fopen(pidFile,"w+");
if (tmpfile) {
fprintf(tmpfile,"%d",getpid());
fclose(tmpfile);
}
}
- tmp = getenv("TMP");
+ tmp = PR_GetEnvSecure("TMP");
if (!tmp)
- tmp = getenv("TMPDIR");
+ tmp = PR_GetEnvSecure("TMPDIR");
if (!tmp)
- tmp = getenv("TEMP");
+ tmp = PR_GetEnvSecure("TEMP");
/* we're an ordinary single process server. */
listen_sock = getBoundListenSocket(port);
prStatus = PR_SetFDInheritable(listen_sock, PR_FALSE);
if (prStatus != PR_SUCCESS)
errExit("PR_SetFDInheritable");
lm = PR_NewLogModule("TestCase");
--- a/cmd/lib/secutil.c
+++ b/cmd/lib/secutil.c
@@ -411,17 +411,17 @@ struct matchobj {
};
char *
SECU_DefaultSSLDir(void)
{
char *dir;
static char sslDir[1000];
- dir = PR_GetEnv("SSL_DIR");
+ dir = PR_GetEnvSecure("SSL_DIR");
if (!dir)
return NULL;
if (strlen(dir) >= PR_ARRAY_SIZE(sslDir)) {
return NULL;
}
sprintf(sslDir, "%s", dir);
@@ -450,17 +450,17 @@ SECU_ConfigDirectory(const char* base)
const char *dir = ".netscape";
char *home;
static char buf[1000];
if (initted) return buf;
if (base == NULL || *base == 0) {
- home = PR_GetEnv("HOME");
+ home = PR_GetEnvSecure("HOME");
if (!home) home = "";
if (*home && home[strlen(home) - 1] == '/')
sprintf (buf, "%.900s%s", home, dir);
else
sprintf (buf, "%.900s/%s", home, dir);
} else {
sprintf(buf, "%.900s", base);
--- a/cmd/lib/secutil.h
+++ b/cmd/lib/secutil.h
@@ -111,17 +111,17 @@ extern SECStatus SEC_WriteDongleFile(int
extern char *SEC_ReadDongleFile(int fd);
/* End stolen headers */
/* Just sticks the two strings together with a / if needed */
char *SECU_AppendFilenameToDir(char *dir, char *filename);
-/* Returns result of getenv("SSL_DIR") or NULL */
+/* Returns result of PR_GetEnvSecure("SSL_DIR") or NULL */
extern char *SECU_DefaultSSLDir(void);
/*
** Should be called once during initialization to set the default
** directory for looking for cert.db, key.db, and cert-nameidx.db files
** Removes trailing '/' in 'base'
** If 'base' is NULL, defaults to set to .netscape in home directory.
*/
--- a/cmd/libpkix/pkix/top/test_validatechain_NB.c
+++ b/cmd/libpkix/pkix/top/test_validatechain_NB.c
@@ -244,17 +244,17 @@ int test_validatechain_NB(int argc, char
NULL,
PKIX_FALSE,
PKIX_FALSE,
PKIX_FALSE,
PKIX_FALSE,
chainCerts,
plContext);
- ldapName = PR_GetEnv("LDAP");
+ ldapName = PR_GetEnvSecure("LDAP");
/* Is LDAP set in the environment? */
if ((ldapName == NULL) || (*ldapName == '\0')) {
testError("LDAP not set in environment");
goto cleanup;
}
pkixTestErrorResult = pkix_pl_Socket_CreateByName
(PKIX_FALSE, /* isServer */
@@ -271,17 +271,17 @@ int test_validatechain_NB(int argc, char
testError("Unable to connect to LDAP Server");
goto cleanup;
}
PKIX_TEST_DECREF_BC(socket);
testSetupCertStore(valParams, ldapName);
- logging = PR_GetEnv("LOGGING");
+ logging = PR_GetEnvSecure("LOGGING");
/* Is LOGGING set in the environment? */
if ((logging != NULL) && (*logging != '\0')) {
PKIX_TEST_EXPECT_NO_ERROR
(PKIX_List_Create(&loggers, plContext));
testLogErrors
(PKIX_VALIDATE_ERROR, 2, loggers, plContext);
--- a/cmd/modutil/installparse.c
+++ b/cmd/modutil/installparse.c
@@ -196,19 +196,19 @@ Pk11Install_yyerror(char *message)
#define YYACCEPT goto yyaccept
#define YYERROR goto yyerrlab
int
yyparse()
{
register int yym, yyn, yystate;
#if YYDEBUG
register char *yys;
- extern char *getenv();
+ extern char *PR_GetEnvSecure();
- if ((yys = getenv("YYDEBUG")) != NULL)
+ if ((yys = PR_GetEnvSecure("YYDEBUG")) != NULL)
{
yyn = *yys;
if (yyn >= '0' && yyn <= '9')
yydebug = yyn - '0';
}
#endif
yynerrs = 0;
--- a/cmd/pk11mode/pk11mode.c
+++ b/cmd/pk11mode/pk11mode.c
@@ -749,17 +749,17 @@ cleanup:
}
if (moduleSpec) {
PR_smprintf_free(moduleSpec);
}
#ifdef _WIN32
FreeLibrary(hModule);
#else
- disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+ disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
if (!disableUnload) {
PR_UnloadLibrary(lib);
}
#endif
if (CKR_OK == crv && doForkTests && !disableUnload) {
/* try to fork with softoken both de-initialized and unloaded */
crv = PKM_ForkCheck(123, NULL, PR_TRUE, NULL);
}
--- a/cmd/pk11util/pk11util.c
+++ b/cmd/pk11util/pk11util.c
@@ -1399,17 +1399,17 @@ putOutput(Value **ptr)
}
}
CK_RV
unloadModule(Module *module)
{
char *disableUnload = NULL;
- disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+ disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
if (module->library && !disableUnload) {
PR_UnloadLibrary(module->library);
}
module->library = NULL;
module->functionList = NULL;
--- a/cmd/selfserv/selfserv.c
+++ b/cmd/selfserv/selfserv.c
@@ -2454,22 +2454,22 @@ main(int argc, char **argv)
if (testBulk) {
testBulkBuf = PORT_Malloc(testBulkSize);
if (testBulkBuf == NULL)
errExit("Out of memory: testBulkBuf");
for (i = 0; i < testBulkSize; i++)
testBulkBuf[i] = i;
}
- envString = getenv(envVarName);
- tmp = getenv("TMP");
+ envString = PR_GetEnvSecure(envVarName);
+ tmp = PR_GetEnvSecure("TMP");
if (!tmp)
- tmp = getenv("TMPDIR");
+ tmp = PR_GetEnvSecure("TMPDIR");
if (!tmp)
- tmp = getenv("TEMP");
+ tmp = PR_GetEnvSecure("TEMP");
if (envString) {
/* we're one of the children in a multi-process server. */
listen_sock = PR_GetInheritedFD(inheritableSockName);
if (!listen_sock)
errExit("PR_GetInheritedFD");
#ifndef WINNT
/* we can't do this on NT because it breaks NSPR and
PR_Accept will fail on the socket in the child process if
--- a/cmd/shlibsign/shlibsign.c
+++ b/cmd/shlibsign/shlibsign.c
@@ -1283,17 +1283,17 @@ cleanup:
PL_strfree(output_file);
}
#ifdef USES_LINKS
if (link_file) { /* allocated by mkoutput function */
PL_strfree(link_file);
}
#endif
- disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+ disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
if (!disableUnload) {
PR_UnloadLibrary(lib);
}
PR_Cleanup();
if (crv != CKR_OK)
return crv;
--- a/cmd/signtool/javascript.c
+++ b/cmd/signtool/javascript.c
@@ -59,17 +59,17 @@ static int num_handlers = 23;
int
InlineJavaScript(char *dir, PRBool recurse)
{
jartree = dir;
if (verbosity >= 0) {
PR_fprintf(outputFD, "\nGenerating inline signatures from HTML files in: %s\n",
dir);
}
- if (PR_GetEnv("SIGNTOOL_DUMP_PARSE")) {
+ if (PR_GetEnvSecure("SIGNTOOL_DUMP_PARSE")) {
dumpParse = PR_TRUE;
}
return foreach(dir, "", javascript_fn, recurse, PR_FALSE /*include dirs*/,
(void * )NULL);
}
--- a/cmd/signtool/util.c
+++ b/cmd/signtool/util.c
@@ -1,15 +1,16 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "signtool.h"
#include "prio.h"
#include "prmem.h"
+#include "prenv.h"
#include "nss.h"
static int is_dir (char *filename);
/***********************************************************
* Nasty hackish function definitions
*/
@@ -976,30 +977,30 @@ InitCrypto(char *cert_dir, PRBool readOn
char *get_default_cert_dir (void)
{
char *home;
char *cd = NULL;
static char db [FNSIZE];
#ifdef XP_UNIX
- home = getenv ("HOME");
+ home = PR_GetEnvSecure ("HOME");
if (home && *home) {
sprintf (db, "%s/.netscape", home);
cd = db;
}
#endif
#ifdef XP_PC
FILE * fp;
/* first check the environment override */
- home = getenv ("JAR_HOME");
+ home = PR_GetEnvSecure ("JAR_HOME");
if (home && *home) {
sprintf (db, "%s/cert7.db", home);
if ((fp = fopen (db, "r")) != NULL) {
fclose (fp);
cd = home;
}
--- a/cmd/smimetools/cmsutil.c
+++ b/cmd/smimetools/cmsutil.c
@@ -1064,19 +1064,19 @@ main(int argc, char **argv)
char *envFileName;
SECItem input = { 0, 0, 0};
SECItem envmsg = { 0, 0, 0 };
SECStatus rv;
PRFileDesc *contentFile = NULL;
PRBool batch = PR_FALSE;
#ifdef NISCC_TEST
- const char *ev = PR_GetEnv("NSS_DISABLE_ARENA_FREE_LIST");
+ const char *ev = PR_GetEnvSecure("NSS_DISABLE_ARENA_FREE_LIST");
PORT_Assert(ev);
- ev = PR_GetEnv("NSS_STRICT_SHUTDOWN");
+ ev = PR_GetEnvSecure("NSS_STRICT_SHUTDOWN");
PORT_Assert(ev);
#endif
progName = strrchr(argv[0], '/');
if (!progName)
progName = strrchr(argv[0], '\\');
progName = progName ? progName+1 : argv[0];
--- a/cmd/strsclnt/strsclnt.c
+++ b/cmd/strsclnt/strsclnt.c
@@ -1443,17 +1443,17 @@ main(int argc, char **argv)
if (port == 0)
Usage(progName);
if (fileName)
readBigFile(fileName);
PK11_SetPasswordFunc(SECU_GetModulePassword);
- tmp = PR_GetEnv("NSS_DEBUG_TIMEOUT");
+ tmp = PR_GetEnvSecure("NSS_DEBUG_TIMEOUT");
if (tmp && tmp[0]) {
int sec = PORT_Atoi(tmp);
if (sec > 0) {
maxInterval = PR_SecondsToInterval(sec);
}
}
/* Call the NSS initialization routines */
--- a/cmd/tstclnt/tstclnt.c
+++ b/cmd/tstclnt/tstclnt.c
@@ -963,17 +963,17 @@ int main(int argc, char **argv)
serverCertAuth.allowOCSPSideChannelData = PR_TRUE;
serverCertAuth.allowCRLSideChannelData = PR_TRUE;
progName = strrchr(argv[0], '/');
if (!progName)
progName = strrchr(argv[0], '\\');
progName = progName ? progName+1 : argv[0];
- tmp = PR_GetEnv("NSS_DEBUG_TIMEOUT");
+ tmp = PR_GetEnvSecure("NSS_DEBUG_TIMEOUT");
if (tmp && tmp[0]) {
int sec = PORT_Atoi(tmp);
if (sec > 0) {
maxInterval = PR_SecondsToInterval(sec);
}
}
SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions);
--- a/external_tests/google_test/gtest/test/gtest_unittest.cc
+++ b/external_tests/google_test/gtest/test/gtest_unittest.cc
@@ -416,19 +416,19 @@ class FormatEpochTimeInMillisAsIso8601Te
// 32 bits, even when 64-bit integer types are available. We have to
// force the constants to have a 64-bit type here.
static const TimeInMillis kMillisPerSec = 1000;
private:
virtual void SetUp() {
saved_tz_ = NULL;
- GTEST_DISABLE_MSC_WARNINGS_PUSH_(4996 /* getenv, strdup: deprecated */)
- if (getenv("TZ"))
- saved_tz_ = strdup(getenv("TZ"));
+ GTEST_DISABLE_MSC_WARNINGS_PUSH_(4996 /* PR_GetEnvSecure, strdup: deprecated */)
+ if (PR_GetEnvSecure("TZ"))
+ saved_tz_ = strdup(PR_GetEnvSecure("TZ"));
GTEST_DISABLE_MSC_WARNINGS_POP_()
// Set up the time zone for FormatEpochTimeInMillisAsIso8601 to use. We
// cannot use the local time zone because the function's output depends
// on the time zone.
SetTimeZone("UTC+00");
}
--- a/external_tests/ssl_gtest/ssl_gtest.cc
+++ b/external_tests/ssl_gtest/ssl_gtest.cc
@@ -1,9 +1,10 @@
#include "nspr.h"
+#include "prenv.h"
#include "nss.h"
#include "ssl.h"
#include <cstdlib>
#include "test_io.h"
#define GTEST_HAS_RTTI 0
@@ -11,17 +12,17 @@
std::string g_working_dir_path;
int main(int argc, char **argv) {
// Start the tests
::testing::InitGoogleTest(&argc, argv);
g_working_dir_path = ".";
- char* workdir = getenv("NSS_GTEST_WORKDIR");
+ char* workdir = PR_GetEnvSecure("NSS_GTEST_WORKDIR");
if (workdir)
g_working_dir_path = workdir;
for (int i = 0; i < argc; i++) {
if (!strcmp(argv[i], "-d")) {
g_working_dir_path = argv[i + 1];
++i;
}
--- a/lib/certdb/certdb.c
+++ b/lib/certdb/certdb.c
@@ -1339,17 +1339,17 @@ CERT_AddOKDomainName(CERTCertificate *ce
** This function may modify string cn, so caller must pass a modifiable copy.
*/
static SECStatus
cert_TestHostName(char *cn, const char *hn)
{
static int useShellExp = -1;
if (useShellExp < 0) {
- useShellExp = (NULL != PR_GetEnv("NSS_USE_SHEXP_IN_CERT_NAME"));
+ useShellExp = (NULL != PR_GetEnvSecure("NSS_USE_SHEXP_IN_CERT_NAME"));
}
if (useShellExp) {
/* Backward compatible code, uses Shell Expressions (SHEXP). */
int regvalid = PORT_RegExpValid(cn);
if (regvalid != NON_SXP) {
SECStatus rv;
/* cn is a regular expression, try to match the shexp */
int match = PORT_RegExpCaseSearch(hn, cn);
--- a/lib/certhigh/certvfypkix.c
+++ b/lib/certhigh/certvfypkix.c
@@ -1132,17 +1132,17 @@ cert_VerifyCertChainPkix(
* Setting the variable to false, to make additional chain
* validations be handled by old nss. */
usePKIXValidationEngine = PR_FALSE;
}
testStartFnStackPosition = 2;
fnStackNameArr[0] = "cert_VerifyCertChainPkix";
fnStackInvCountArr[0] = 0;
PKIX_Boolean abortOnLeak =
- (PR_GetEnv("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ?
+ (PR_GetEnvSecure("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ?
PKIX_FALSE
: PKIX_TRUE;
runningLeakTest = PKIX_TRUE;
/* Prevent multi-threaded run of object leak test */
fnInvLocalCount = PR_ATOMIC_INCREMENT(¶llelFnInvocationCount);
PORT_Assert(fnInvLocalCount == 1);
@@ -2014,17 +2014,17 @@ CERT_PKIXVerifyCert(
* Setting the variable to false, to make additional chain
* validations be handled by old nss. */
usePKIXValidationEngine = PR_FALSE;
}
testStartFnStackPosition = 1;
fnStackNameArr[0] = "CERT_PKIXVerifyCert";
fnStackInvCountArr[0] = 0;
PKIX_Boolean abortOnLeak =
- (PR_GetEnv("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ?
+ (PR_GetEnvSecure("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ?
PKIX_FALSE
: PKIX_TRUE;
runningLeakTest = PKIX_TRUE;
/* Prevent multi-threaded run of object leak test */
fnInvLocalCount = PR_ATOMIC_INCREMENT(¶llelFnInvocationCount);
PORT_Assert(fnInvLocalCount == 1);
--- a/lib/certhigh/ocsp.c
+++ b/lib/certhigh/ocsp.c
@@ -154,17 +154,17 @@ cert_DupOCSPCertID(const CERTOCSPCertID
static PRBool
wantOcspTrace(void)
{
static PRBool firstTime = PR_TRUE;
static PRBool wantTrace = PR_FALSE;
#ifdef NSS_HAVE_GETENV
if (firstTime) {
- char *ev = getenv("NSS_TRACE_OCSP");
+ char *ev = PR_GetEnvSecure("NSS_TRACE_OCSP");
if (ev && ev[0]) {
wantTrace = PR_TRUE;
}
firstTime = PR_FALSE;
}
#endif
return wantTrace;
}
--- a/lib/freebl/loader.c
+++ b/lib/freebl/loader.c
@@ -899,17 +899,17 @@ BL_Unload(void)
* namely C_Finalize in softoken, and the SSL bypass shutdown callback called
* from NSS_Shutdown. */
char *disableUnload = NULL;
vector = NULL;
/* If an SSL socket is configured with SSL_BYPASS_PKCS11, but the application
* never does a handshake on it, BL_Unload will be called even though freebl
* was never loaded. So, don't assert blLib. */
if (blLib) {
- disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+ disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
if (!disableUnload) {
#ifdef DEBUG
PRStatus status = PR_UnloadLibrary(blLib);
PORT_Assert(PR_SUCCESS == status);
#else
PR_UnloadLibrary(blLib);
#endif
}
--- a/lib/freebl/mpi/utils/isprime.c
+++ b/lib/freebl/mpi/utils/isprime.c
@@ -33,17 +33,17 @@ int main(int argc, char *argv[])
"Use '0x' prefix for a hexadecimal value\n", g_prog);
return 1;
}
/* Read number of tests from environment, if present */
{
char *tmp;
- if((tmp = getenv("RM_TESTS")) != NULL) {
+ if((tmp = PR_GetEnvSecure("RM_TESTS")) != NULL) {
if((g_tests = atoi(tmp)) <= 0)
g_tests = RM_TESTS;
}
}
mp_init(&a);
if(argv[1][0] == '0' && argv[1][1] == 'x')
mp_read_radix(&a, argv[1] + 2, 16);
--- a/lib/freebl/mpi/utils/metime.c
+++ b/lib/freebl/mpi/utils/metime.c
@@ -22,18 +22,18 @@ int main(int argc, char *argv[])
{
int ix, num, prec = 8;
unsigned int seed;
clock_t start, stop;
double sec;
mp_int a, m, c;
- if(getenv("SEED") != NULL)
- seed = abs(atoi(getenv("SEED")));
+ if(PR_GetEnvSecure("SEED") != NULL)
+ seed = abs(atoi(PR_GetEnvSecure("SEED")));
else
seed = (unsigned int)time(NULL);
if(argc < 2) {
fprintf(stderr, "Usage: %s <num-tests> [<nbits>]\n", argv[0]);
return 1;
}
--- a/lib/freebl/mpi/utils/primegen.c
+++ b/lib/freebl/mpi/utils/primegen.c
@@ -41,17 +41,17 @@ int main(int argc, char *argv[])
int rawlen, bits, outlen, ngen, ix, jx;
int g_strong = 0;
mp_int testval;
mp_err res;
clock_t start, end;
/* We'll just use the C library's rand() for now, although this
won't be good enough for cryptographic purposes */
- if((out = getenv("SEED")) == NULL) {
+ if((out = PR_GetEnvSecure("SEED")) == NULL) {
srand((unsigned int)time(NULL));
} else {
srand((unsigned int)atoi(out));
}
if(argc < 2) {
fprintf(stderr, "Usage: %s <bits> [<count> [strong]]\n", argv[0]);
return 1;
--- a/lib/freebl/rijndael.c
+++ b/lib/freebl/rijndael.c
@@ -2,16 +2,17 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
#endif
#include "prinit.h"
+#include "prenv.h"
#include "prerr.h"
#include "secerr.h"
#include "prtypes.h"
#include "blapi.h"
#include "rijndael.h"
#include "cts.h"
@@ -1036,17 +1037,17 @@ aes_InitContext(AESContext *cx, const un
}
if (!cx) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
#ifdef USE_HW_AES
if (has_intel_aes == 0) {
unsigned long eax, ebx, ecx, edx;
- char *disable_hw_aes = getenv("NSS_DISABLE_HW_AES");
+ char *disable_hw_aes = PR_GetEnvSecure("NSS_DISABLE_HW_AES");
if (disable_hw_aes == NULL) {
freebl_cpuid(1, &eax, &ebx, &ecx, &edx);
has_intel_aes = (ecx & (1 << 25)) != 0 ? 1 : -1;
#ifdef INTEL_GCM
has_intel_clmul = (ecx & (1 << 1)) != 0 ? 1 : -1;
if ((ecx & (1 << 27)) != 0 && (ecx & (1 << 28)) != 0 &&
check_xcr0_ymm()) {
--- a/lib/freebl/stubs.c
+++ b/lib/freebl/stubs.c
@@ -133,16 +133,17 @@ STUB_DECLARE(PRFileDesc *,PR_Open,(const
PRIntn mode));
STUB_DECLARE(PRInt32,PR_Read,(PRFileDesc *fd, void *buf, PRInt32 amount));
STUB_DECLARE(PROffset32,PR_Seek,(PRFileDesc *fd, PROffset32 offset,
PRSeekWhence whence));
STUB_DECLARE(PRStatus,PR_Sleep,(PRIntervalTime ticks));
STUB_DECLARE(PRStatus,PR_Unlock,(PRLock *lock));
STUB_DECLARE(PRStatus,PR_WaitCondVar,(PRCondVar *cvar,
PRIntervalTime timeout));
+STUB_DECLARE(char*,PR_GetEnvSecure,(const char *));
STUB_DECLARE(SECItem *,SECITEM_AllocItem_Util,(PLArenaPool *arena,
SECItem *item,unsigned int len));
STUB_DECLARE(SECComparison,SECITEM_CompareItem_Util,(const SECItem *a,
const SECItem *b));
STUB_DECLARE(SECStatus,SECITEM_CopyItem_Util,(PLArenaPool *arena,
SECItem *to,const SECItem *from));
@@ -460,16 +461,23 @@ PR_NotifyAllCondVar_stub(PRCondVar *cvar
extern PRStatus
PR_WaitCondVar_stub(PRCondVar *cvar, PRIntervalTime timeout)
{
STUB_SAFE_CALL2(PR_WaitCondVar, cvar, timeout);
abort();
return PR_FAILURE;
}
+extern char*
+PR_GetEnvSecure_stub(const char *var)
+{
+ STUB_SAFE_CALL1(PR_GetEnvSecure, var);
+ abort();
+ return NULL;
+}
extern void
PR_DestroyCondVar_stub(PRCondVar *cvar)
{
STUB_SAFE_CALL1(PR_DestroyCondVar, cvar);
abort();
return;
@@ -565,16 +573,17 @@ freebl_InitNSPR(void *lib)
STUB_FETCH_FUNCTION(PR_NotifyCondVar);
STUB_FETCH_FUNCTION(PR_NotifyAllCondVar);
STUB_FETCH_FUNCTION(PR_WaitCondVar);
STUB_FETCH_FUNCTION(PR_DestroyCondVar);
STUB_FETCH_FUNCTION(PR_NewLock);
STUB_FETCH_FUNCTION(PR_Unlock);
STUB_FETCH_FUNCTION(PR_Lock);
STUB_FETCH_FUNCTION(PR_DestroyLock);
+ STUB_FETCH_FUNCTION(PR_GetEnvSecure);
return SECSuccess;
}
static SECStatus
freebl_InitNSSUtil(void *lib)
{
STUB_FETCH_FUNCTION(PORT_Alloc_Util);
STUB_FETCH_FUNCTION(PORT_Free_Util);
--- a/lib/freebl/stubs.h
+++ b/lib/freebl/stubs.h
@@ -53,12 +53,13 @@
#define PR_NotifyCondVar PR_NotifyCondVar_stub
#define PR_NotifyAllCondVar PR_NotifyAllCondVar_stub
#define PR_Open PR_Open_stub
#define PR_Read PR_Read_stub
#define PR_Seek PR_Seek_stub
#define PR_Sleep PR_Sleep_stub
#define PR_Unlock PR_Unlock_stub
#define PR_WaitCondVar PR_WaitCondVar_stub
+#define PR_GetEnvSecure PR_GetEnvSecure_stub
extern int FREEBL_InitStubs(void);
#endif
--- a/lib/freebl/unix_rand.c
+++ b/lib/freebl/unix_rand.c
@@ -12,16 +12,17 @@
#include <sys/time.h>
#include <sys/wait.h>
#include <sys/stat.h>
#include "secrng.h"
#include "secerr.h"
#include "prerror.h"
#include "prthread.h"
#include "prprf.h"
+#include "prenv.h"
size_t RNG_FileUpdate(const char *fileName, size_t limit);
/*
* When copying data to the buffer we want the least signicant bytes
* from the input since those bits are changing the fastest. The address
* of least significant byte depends upon whether we are running on
* a big-endian or little-endian machine.
@@ -883,19 +884,19 @@ void RNG_SystemInfoForRNG(void)
RNG_RandomUpdate(buf, strlen(buf));
}
GiveSystemInfo();
/* grab some data from system's PRNG before any other files. */
bytes = RNG_FileUpdate("/dev/urandom", SYSTEM_RNG_SEED_COUNT);
/* If the user points us to a random file, pass it through the rng */
- randfile = getenv("NSRANDFILE");
+ randfile = PR_GetEnvSecure("NSRANDFILE");
if ( ( randfile != NULL ) && ( randfile[0] != '\0') ) {
- char *randCountString = getenv("NSRANDCOUNT");
+ char *randCountString = PR_GetEnvSecure("NSRANDCOUNT");
int randCount = randCountString ? atoi(randCountString) : 0;
if (randCount != 0) {
RNG_FileUpdate(randfile, randCount);
} else {
RNG_FileForRNG(randfile);
}
}
@@ -1070,17 +1071,17 @@ int ReadOneFile(int fileToRead)
#else
struct dirent entry, firstEntry;
#define entry_dir entry
#endif
int i, error = -1;
if (fd == NULL) {
- dir = getenv("HOME");
+ dir = PR_GetEnvSecure("HOME");
if (dir) {
fd = opendir(dir);
}
}
if (fd == NULL) {
return 1;
}
--- a/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
+++ b/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
@@ -760,17 +760,17 @@ pkix_pl_Socket_RegisterSelf(void *plCont
entry.comparator = NULL;
entry.duplicateFunction = NULL;
systemClasses[PKIX_SOCKET_TYPE] = entry;
#ifdef PKIX_SOCKETTRACE
{
char *val = NULL;
- val = PR_GetEnv("SOCKETTRACE");
+ val = PR_GetEnvSecure("SOCKETTRACE");
/* Is SOCKETTRACE set in the environment? */
if ((val != NULL) && (*val != '\0')) {
socketTraceFlag =
((*val == '1')?PKIX_TRUE:PKIX_FALSE);
}
}
#endif
--- a/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
+++ b/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
@@ -130,17 +130,17 @@ PKIX_PL_Initialize(
PKIX_RETURN(OBJECT);
}
classTableLock = PR_NewLock();
if (classTableLock == NULL) {
return PKIX_ALLOC_ERROR();
}
- if (PR_GetEnv("NSS_STRICT_SHUTDOWN")) {
+ if (PR_GetEnvSecure("NSS_STRICT_SHUTDOWN")) {
pkixLog = PR_NewLogModule("pkix");
}
/*
* Register Object, it is the base object of all other objects.
*/
pkix_pl_Object_RegisterSelf(plContext);
/*
@@ -257,17 +257,17 @@ PKIX_PL_Shutdown(void *plContext)
}
PR_DestroyLock(classTableLock);
pkix_pl_HttpCertStore_Shutdown(plContext);
#ifdef DEBUG
numLeakedObjects = pkix_pl_lifecycle_ObjectLeakCheck(NULL);
- if (PR_GetEnv("NSS_STRICT_SHUTDOWN")) {
+ if (PR_GetEnvSecure("NSS_STRICT_SHUTDOWN")) {
PORT_Assert(numLeakedObjects == 0);
}
#else
pkix_pl_lifecycle_ObjectLeakCheck(NULL);
#endif
if (plContext != NULL) {
PKIX_PL_NssContext_Destroy(plContext);
--- a/lib/nss/nssinit.c
+++ b/lib/nss/nssinit.c
@@ -686,17 +686,17 @@ nss_Init(const char *configdir, const ch
pkixError = PKIX_Initialize
(PKIX_FALSE, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION,
PKIX_MINOR_VERSION, &actualMinorVersion, &plContext);
if (pkixError != NULL) {
goto loser;
} else {
- char *ev = getenv("NSS_ENABLE_PKIX_VERIFY");
+ char *ev = PR_GetEnvSecure("NSS_ENABLE_PKIX_VERIFY");
if (ev && ev[0]) {
CERT_SetUsePKIXForValidation(PR_TRUE);
}
}
}
--- a/lib/pk11wrap/debug_module.c
+++ b/lib/pk11wrap/debug_module.c
@@ -2680,17 +2680,17 @@ static void print_final_statistics(void)
int total_calls = 0;
PRIntervalTime total_time = 0;
PRUint32 pr_total_time;
char *type;
char *fname;
FILE *outfile = NULL;
int i;
- fname = PR_GetEnv("NSS_OUTPUT_FILE");
+ fname = PR_GetEnvSecure("NSS_OUTPUT_FILE");
if (fname) {
/* need to add an optional process id to the filename */
outfile = fopen(fname,"w+");
}
if (!outfile) {
outfile = stdout;
}
--- a/lib/pk11wrap/pk11akey.c
+++ b/lib/pk11wrap/pk11akey.c
@@ -163,17 +163,17 @@ PK11_ImportPublicKey(PK11SlotInfo *slot,
case ecKey:
keyType = CKK_EC;
PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL));attrs++;
PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL));attrs++;
signedattr = attrs;
PK11_SETATTRS(attrs, CKA_EC_PARAMS,
pubKey->u.ec.DEREncodedParams.data,
pubKey->u.ec.DEREncodedParams.len); attrs++;
- if (PR_GetEnv("NSS_USE_DECODED_CKA_EC_POINT")) {
+ if (PR_GetEnvSecure("NSS_USE_DECODED_CKA_EC_POINT")) {
PK11_SETATTRS(attrs, CKA_EC_POINT,
pubKey->u.ec.publicValue.data,
pubKey->u.ec.publicValue.len); attrs++;
} else {
pubValue = SEC_ASN1EncodeItem(NULL, NULL,
&pubKey->u.ec.publicValue,
SEC_ASN1_GET(SEC_OctetStringTemplate));
if (pubValue == NULL) {
--- a/lib/pk11wrap/pk11load.c
+++ b/lib/pk11wrap/pk11load.c
@@ -461,17 +461,17 @@ secmod_LoadPKCS11Module(SECMODModule *mo
/*
* We need to get the function list
*/
if ((*entry)((CK_FUNCTION_LIST_PTR *)&mod->functionList) != CKR_OK)
goto fail;
#ifdef DEBUG_MODULE
if (PR_TRUE) {
- modToDBG = PR_GetEnv("NSS_DEBUG_PKCS11_MODULE");
+ modToDBG = PR_GetEnvSecure("NSS_DEBUG_PKCS11_MODULE");
if (modToDBG && strcmp(mod->commonName, modToDBG) == 0) {
mod->functionList = (void *)nss_InsertDeviceLog(
(CK_FUNCTION_LIST_PTR)mod->functionList);
}
}
#endif
mod->isThreadSafe = PR_TRUE;
@@ -553,17 +553,17 @@ secmod_LoadPKCS11Module(SECMODModule *mo
mod->moduleID = nextModuleID++;
return SECSuccess;
fail2:
if (enforceAlreadyInitializedError || (!alreadyLoaded)) {
PK11_GETTAB(mod)->C_Finalize(NULL);
}
fail:
mod->functionList = NULL;
- disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+ disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
if (library && !disableUnload) {
PR_UnloadLibrary(library);
}
return SECFailure;
}
SECStatus
SECMOD_UnloadModule(SECMODModule *mod) {
@@ -582,17 +582,17 @@ SECMOD_UnloadModule(SECMODModule *mod) {
mod->loaded = PR_FALSE;
/* do we want the semantics to allow unloading the internal library?
* if not, we should change this to SECFailure and move it above the
* mod->loaded = PR_FALSE; */
if (mod->internal && (mod->dllName == NULL)) {
if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
if (softokenLib) {
- disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+ disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
if (!disableUnload) {
#ifdef DEBUG
PRStatus status = PR_UnloadLibrary(softokenLib);
PORT_Assert(PR_SUCCESS == status);
#else
PR_UnloadLibrary(softokenLib);
#endif
}
@@ -604,17 +604,17 @@ SECMOD_UnloadModule(SECMODModule *mod) {
}
library = (PRLibrary *)mod->library;
/* paranoia */
if (library == NULL) {
return SECFailure;
}
- disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+ disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
if (!disableUnload) {
PR_UnloadLibrary(library);
}
return SECSuccess;
}
void
nss_DumpModuleLog(void)
--- a/lib/pk11wrap/pk11pars.c
+++ b/lib/pk11wrap/pk11pars.c
@@ -1081,17 +1081,17 @@ secmod_configIsDBM(char *configDir)
return PR_TRUE;
}
/* explicit open of a non-dbm database */
if ((strncmp(configDir, "sql:",4) == 0)
|| (strncmp(configDir, "rdb:", 4) == 0)
|| (strncmp(configDir, "extern:", 7) == 0)) {
return PR_FALSE;
}
- env = PR_GetEnv("NSS_DEFAULT_DB_TYPE");
+ env = PR_GetEnvSecure("NSS_DEFAULT_DB_TYPE");
/* implicit dbm open */
if ((env == NULL) || (strcmp(env,"dbm") == 0)) {
return PR_TRUE;
}
/* implicit non-dbm open */
return PR_FALSE;
}
--- a/lib/pk11wrap/pk11util.c
+++ b/lib/pk11wrap/pk11util.c
@@ -79,17 +79,17 @@ SECMOD_Shutdown()
}
/* make all the slots and the lists go away */
PK11_DestroySlotLists();
nss_DumpModuleLog();
#ifdef DEBUG
- if (PR_GetEnv("NSS_STRICT_SHUTDOWN")) {
+ if (PR_GetEnvSecure("NSS_STRICT_SHUTDOWN")) {
PORT_Assert(secmod_PrivateModuleCount == 0);
}
#endif
if (secmod_PrivateModuleCount) {
PORT_SetError(SEC_ERROR_BUSY);
return SECFailure;
}
return SECSuccess;
--- a/lib/softoken/fipstokn.c
+++ b/lib/softoken/fipstokn.c
@@ -431,17 +431,17 @@ CK_RV FC_Initialize(CK_VOID_PTR pReserve
CK_RV crv;
sftk_ForkReset(pReserved, &crv);
if (nsf_init) {
return CKR_CRYPTOKI_ALREADY_INITIALIZED;
}
- if ((envp = PR_GetEnv("NSS_ENABLE_AUDIT")) != NULL) {
+ if ((envp = PR_GetEnvSecure("NSS_ENABLE_AUDIT")) != NULL) {
sftk_audit_enabled = (atoi(envp) == 1);
}
crv = nsc_CommonInitialize(pReserved, PR_TRUE);
/* not an 'else' rv can be set by either SFTK_LowInit or SFTK_SlotInit*/
if (crv != CKR_OK) {
sftk_fatalError = PR_TRUE;
--- a/lib/softoken/legacydb/lgattr.c
+++ b/lib/softoken/legacydb/lgattr.c
@@ -566,17 +566,17 @@ lg_FindECPublicKeyAttribute(NSSLOWKEYPub
case CKA_VERIFY_RECOVER:
case CKA_WRAP:
return LG_CLONE_ATTR(attribute,type,lg_StaticFalseAttr);
case CKA_EC_PARAMS:
return lg_CopyAttributeSigned(attribute,type,
key->u.ec.ecParams.DEREncoding.data,
key->u.ec.ecParams.DEREncoding.len);
case CKA_EC_POINT:
- if (getenv("NSS_USE_DECODED_CKA_EC_POINT")) {
+ if (PR_GetEnvSecure("NSS_USE_DECODED_CKA_EC_POINT")) {
return lg_CopyAttributeSigned(attribute, type,
key->u.ec.publicValue.data,
key->u.ec.publicValue.len);
} else {
SECItem *pubValue = SEC_ASN1EncodeItem(NULL, NULL,
&(key->u.ec.publicValue),
SEC_ASN1_GET(SEC_OctetStringTemplate));
CK_RV crv;
--- a/lib/softoken/legacydb/lginit.c
+++ b/lib/softoken/legacydb/lginit.c
@@ -163,17 +163,17 @@ DB * rdbopen(const char *appName, const
db = (*lg_rdbfunc)(appName,prefix,type,rdbmapflags(flags));
if (!db && status && lg_rdbstatusfunc) {
*status = (*lg_rdbstatusfunc)();
}
return db;
}
/* couldn't find the entry point, unload the library and fail */
- disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+ disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
if (!disableUnload) {
PR_UnloadLibrary(lib);
}
return NULL;
}
/*
* the following data structures are from rdb.h.
--- a/lib/softoken/lgglue.c
+++ b/lib/softoken/lgglue.c
@@ -413,17 +413,17 @@ sftkdbCall_Shutdown(void)
return CKR_OK;
}
if (legacy_glue_shutdown) {
#ifdef NO_FORK_CHECK
PRBool parentForkedAfterC_Initialize = PR_FALSE;
#endif
crv = (*legacy_glue_shutdown)(parentForkedAfterC_Initialize);
}
- disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+ disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
if (!disableUnload) {
PR_UnloadLibrary(legacy_glue_lib);
}
legacy_glue_lib = NULL;
legacy_glue_open = NULL;
legacy_glue_readSecmod = NULL;
legacy_glue_releaseSecmod = NULL;
legacy_glue_deleteSecmod = NULL;
--- a/lib/softoken/pkcs11c.c
+++ b/lib/softoken/pkcs11c.c
@@ -31,16 +31,17 @@
#include "pkcs11t.h"
#include "secoid.h"
#include "alghmac.h"
#include "softoken.h"
#include "secasn1.h"
#include "secerr.h"
#include "prprf.h"
+#include "prenv.h"
#define __PASTE(x,y) x##y
/*
* we renamed all our internal functions, get the correct
* definitions for them...
*/
#undef CK_PKCS11_FUNCTION_INFO
@@ -4765,17 +4766,17 @@ dhgn_done:
if (rv != SECSuccess) {
if (PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
sftk_fatalError = PR_TRUE;
}
crv = sftk_MapCryptError(PORT_GetError());
break;
}
- if (getenv("NSS_USE_DECODED_CKA_EC_POINT")) {
+ if (PR_GetEnvSecure("NSS_USE_DECODED_CKA_EC_POINT")) {
crv = sftk_AddAttributeType(publicKey, CKA_EC_POINT,
sftk_item_expand(&ecPriv->publicValue));
} else {
SECItem *pubValue = SEC_ASN1EncodeItem(NULL, NULL,
&ecPriv->publicValue,
SEC_ASN1_GET(SEC_OctetStringTemplate));
if (!pubValue) {
crv = CKR_ARGUMENTS_BAD;
--- a/lib/softoken/sdb.c
+++ b/lib/softoken/sdb.c
@@ -230,17 +230,17 @@ sdb_getFallbackTempDir(void)
"/tmp",
NULL /* List terminator */
};
unsigned int i;
struct stat buf;
const char *zDir = NULL;
azDirs[0] = sqlite3_temp_directory;
- azDirs[1] = getenv("TMPDIR");
+ azDirs[1] = PR_GetEnvSecure("TMPDIR");
for (i = 0; i < PR_ARRAY_SIZE(azDirs); i++) {
zDir = azDirs[i];
if (zDir == NULL) continue;
if (stat(zDir, &buf)) continue;
if (!S_ISDIR(buf.st_mode)) continue;
if (access(zDir, 07)) continue;
break;
@@ -1857,17 +1857,17 @@ sdb_init(char *dbname, char *table, sdbD
*
* NSS_SDB_USE_CACHE environment variable is set to "yes": cache will
* always be used.
*
* It is expected that most applications would use the "auto" selection,
* the environment variable is primarily to simplify testing, and to
* correct potential corner cases where */
- env = PR_GetEnv("NSS_SDB_USE_CACHE");
+ env = PR_GetEnvSecure("NSS_SDB_USE_CACHE");
if (env && PORT_Strcasecmp(env,"no") == 0) {
enableCache = PR_FALSE;
} else if (env && PORT_Strcasecmp(env,"yes") == 0) {
enableCache = PR_TRUE;
} else {
char *tempDir = NULL;
PRUint32 tempOps = 0;
@@ -2008,17 +2008,17 @@ s_open(const char *directory, const char
}
#endif
/* how long does it take to test for a non-existant file in our working
* directory? Allows us to test if we may be on a network file system */
accessOps = 1;
{
char *env;
- env = PR_GetEnv("NSS_SDB_USE_CACHE");
+ env = PR_GetEnvSecure("NSS_SDB_USE_CACHE");
/* If the environment variable is set to yes or no, sdb_init() will
* ignore the value of accessOps, and we can skip the measuring.*/
if (!env || ((PORT_Strcasecmp(env, "no") != 0) &&
(PORT_Strcasecmp(env, "yes") != 0))){
accessOps = sdb_measureAccess(directory);
}
}
--- a/lib/softoken/softoken.h
+++ b/lib/softoken/softoken.h
@@ -147,17 +147,17 @@ extern PRBool sftk_fatalError;
** macros to check for forked child process after C_Initialize
*/
#if defined(XP_UNIX) && !defined(NO_FORK_CHECK)
#ifdef DEBUG
#define FORK_ASSERT() \
{ \
- char* forkAssert = getenv("NSS_STRICT_NOFORK"); \
+ char* forkAssert = PR_GetEnvSecure("NSS_STRICT_NOFORK"); \
if ( (!forkAssert) || (0 == strcmp(forkAssert, "1")) ) { \
PORT_Assert(0); \
} \
}
#else
#define FORK_ASSERT()
@@ -234,17 +234,17 @@ extern PRBool sftkForkCheckDisabled;
return CKR_DEVICE_ERROR; \
} \
} while (0)
#define SKIP_AFTER_FORK(x) if (!parentForkedAfterC_Initialize) x
#define ENABLE_FORK_CHECK() \
{ \
- char* doForkCheck = getenv("NSS_STRICT_NOFORK"); \
+ char* doForkCheck = PR_GetEnvSecure("NSS_STRICT_NOFORK"); \
if ( doForkCheck && !strcmp(doForkCheck, "DISABLED") ) { \
sftkForkCheckDisabled = PR_TRUE; \
} \
}
#else
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -10160,26 +10160,26 @@ get_fake_cert(SECItem *pCertItem, int *p
const char *extension;
int fileNum;
PRInt32 numBytes = 0;
PRStatus prStatus;
PRFileInfo info;
char cfn[100];
pCertItem->data = 0;
- if ((testdir = PR_GetEnv("NISCC_TEST")) == NULL) {
+ if ((testdir = PR_GetEnvSecure("NISCC_TEST")) == NULL) {
return SECSuccess;
}
*pIndex = (NULL != strstr(testdir, "root"));
extension = (strstr(testdir, "simple") ? "" : ".der");
fileNum = PR_ATOMIC_INCREMENT(&connNum) - 1;
- if ((startat = PR_GetEnv("START_AT")) != NULL) {
+ if ((startat = PR_GetEnvSecure("START_AT")) != NULL) {
fileNum += atoi(startat);
}
- if ((stopat = PR_GetEnv("STOP_AT")) != NULL &&
+ if ((stopat = PR_GetEnvSecure("STOP_AT")) != NULL &&
fileNum >= atoi(stopat)) {
*pIndex = -1;
return SECSuccess;
}
sprintf(cfn, "%s/%08d%s", testdir, fileNum, extension);
cf = PR_Open(cfn, PR_RDONLY, 0);
if (!cf) {
goto loser;
--- a/lib/ssl/sslsnce.c
+++ b/lib/ssl/sslsnce.c
@@ -1523,17 +1523,17 @@ SSL_InheritMPServerSIDCacheInstance(cach
ssl_InitSessionCacheLocks(PR_FALSE);
ssl_sid_lookup = ServerSessionIDLookup;
ssl_sid_cache = ServerSessionIDCache;
ssl_sid_uncache = ServerSessionIDUncache;
if (!envString) {
- envString = getenv(envVarName);
+ envString = PR_GetEnvSecure(envVarName);
if (!envString) {
SET_ERROR_CODE
return SECFailure;
}
}
myEnvString = PORT_Strdup(envString);
if (!myEnvString)
return SECFailure;
@@ -1742,17 +1742,17 @@ LockPoller(void * arg)
/* Launch thread to poll cache for expired locks */
static SECStatus
LaunchLockPoller(cacheDesc *cache)
{
const char * timeoutString;
PRThread * pollerThread;
cache->mutexTimeout = SID_LOCK_EXPIRATION_TIMEOUT;
- timeoutString = getenv("NSS_SSL_SERVER_CACHE_MUTEX_TIMEOUT");
+ timeoutString = PR_GetEnvSecure("NSS_SSL_SERVER_CACHE_MUTEX_TIMEOUT");
if (timeoutString) {
long newTime = strtol(timeoutString, 0, 0);
if (newTime == 0)
return SECSuccess; /* application doesn't want poller thread */
if (newTime > 0)
cache->mutexTimeout = (PRUint32)newTime;
/* if error (newTime < 0) ignore it and use default */
}
--- a/lib/ssl/sslsock.c
+++ b/lib/ssl/sslsock.c
@@ -3327,84 +3327,84 @@ ssl_SetDefaultsFromEnvironment(void)
{
#if defined( NSS_HAVE_GETENV )
static int firsttime = 1;
if (firsttime) {
char * ev;
firsttime = 0;
#ifdef DEBUG
- ev = getenv("SSLDEBUGFILE");
+ ev = PR_GetEnvSecure("SSLDEBUGFILE");
if (ev && ev[0]) {
ssl_trace_iob = fopen(ev, "w");
}
if (!ssl_trace_iob) {
ssl_trace_iob = stderr;
}
#ifdef TRACE
- ev = getenv("SSLTRACE");
+ ev = PR_GetEnvSecure("SSLTRACE");
if (ev && ev[0]) {
ssl_trace = atoi(ev);
SSL_TRACE(("SSL: tracing set to %d", ssl_trace));
}
#endif /* TRACE */
- ev = getenv("SSLDEBUG");
+ ev = PR_GetEnvSecure("SSLDEBUG");
if (ev && ev[0]) {
ssl_debug = atoi(ev);
SSL_TRACE(("SSL: debugging set to %d", ssl_debug));
}
#endif /* DEBUG */
- ev = getenv("SSLKEYLOGFILE");
+ ev = PR_GetEnvSecure("SSLKEYLOGFILE");
if (ev && ev[0]) {
ssl_keylog_iob = fopen(ev, "a");
if (!ssl_keylog_iob) {
SSL_TRACE(("SSL: failed to open key log file"));
} else {
if (ftell(ssl_keylog_iob) == 0) {
fputs("# SSL/TLS secrets log file, generated by NSS\n",
ssl_keylog_iob);
}
SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev));
}
}
#ifndef NO_PKCS11_BYPASS
- ev = getenv("SSLBYPASS");
+ ev = PR_GetEnvSecure("SSLBYPASS");
if (ev && ev[0]) {
ssl_defaults.bypassPKCS11 = (ev[0] == '1');
SSL_TRACE(("SSL: bypass default set to %d", \
ssl_defaults.bypassPKCS11));
}
#endif /* NO_PKCS11_BYPASS */
- ev = getenv("SSLFORCELOCKS");
+ ev = PR_GetEnvSecure("SSLFORCELOCKS");
if (ev && ev[0] == '1') {
ssl_force_locks = PR_TRUE;
ssl_defaults.noLocks = 0;
strcpy(lockStatus + LOCKSTATUS_OFFSET, "FORCED. ");
SSL_TRACE(("SSL: force_locks set to %d", ssl_force_locks));
}
- ev = getenv("NSS_SSL_ENABLE_RENEGOTIATION");
+ ev = PR_GetEnvSecure("NSS_SSL_ENABLE_RENEGOTIATION");
if (ev) {
if (ev[0] == '1' || LOWER(ev[0]) == 'u')
ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_UNRESTRICTED;
else if (ev[0] == '0' || LOWER(ev[0]) == 'n')
ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER;
else if (ev[0] == '2' || LOWER(ev[0]) == 'r')
ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN;
else if (ev[0] == '3' || LOWER(ev[0]) == 't')
ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL;
SSL_TRACE(("SSL: enableRenegotiation set to %d",
ssl_defaults.enableRenegotiation));
}
- ev = getenv("NSS_SSL_REQUIRE_SAFE_NEGOTIATION");
+ ev = PR_GetEnvSecure("NSS_SSL_REQUIRE_SAFE_NEGOTIATION");
if (ev && ev[0] == '1') {
ssl_defaults.requireSafeNegotiation = PR_TRUE;
SSL_TRACE(("SSL: requireSafeNegotiation set to %d",
PR_TRUE));
}
- ev = getenv("NSS_SSL_CBC_RANDOM_IV");
+ ev = PR_GetEnvSecure("NSS_SSL_CBC_RANDOM_IV");
if (ev && ev[0] == '0') {
ssl_defaults.cbcRandomIV = PR_FALSE;
SSL_TRACE(("SSL: cbcRandomIV set to 0"));
}
}
#endif /* NSS_HAVE_GETENV */
}
--- a/lib/sysinit/nsssysinit.c
+++ b/lib/sysinit/nsssysinit.c
@@ -1,15 +1,16 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "seccomon.h"
#include "prio.h"
#include "prprf.h"
#include "plhash.h"
+#include "prenv.h"
/*
* The following provides a default example for operating systems to set up
* and manage applications loading NSS on their OS globally.
*
* This code hooks in to the system pkcs11.txt, which controls all the loading
* of pkcs11 modules common to all applications.
*/
@@ -36,17 +37,17 @@ testdir(char *dir)
return S_ISDIR(buf.st_mode);
}
#define NSS_USER_PATH1 "/.pki"
#define NSS_USER_PATH2 "/nssdb"
static char *
getUserDB(void)
{
- char *userdir = getenv("HOME");
+ char *userdir = PR_GetEnvSecure("HOME");
char *nssdir = NULL;
if (userdir == NULL) {
return NULL;
}
nssdir = PORT_Alloc(strlen(userdir)
+sizeof(NSS_USER_PATH1)+sizeof(NSS_USER_PATH2));
@@ -128,17 +129,17 @@ userCanModifySystemDB()
#else
#error "Need to write getUserDB, SystemDB, userIsRoot, and userCanModifySystemDB functions"
#endif
#endif
static PRBool
getFIPSEnv(void)
{
- char *fipsEnv = getenv("NSS_FIPS");
+ char *fipsEnv = PR_GetEnvSecure("NSS_FIPS");
if (!fipsEnv) {
return PR_FALSE;
}
if ((strcasecmp(fipsEnv,"fips") == 0) ||
(strcasecmp(fipsEnv,"true") == 0) ||
(strcasecmp(fipsEnv,"on") == 0) ||
(strcasecmp(fipsEnv,"1") == 0)) {
return PR_TRUE;
--- a/lib/util/secoid.c
+++ b/lib/util/secoid.c
@@ -1985,32 +1985,32 @@ SECOID_Init(void)
#define NSS_VERSION_VARIABLE __nss_util_version
#include "verref.h"
if (oidhash) {
return SECSuccess; /* already initialized */
}
- if (!PR_GetEnv("NSS_ALLOW_WEAK_SIGNATURE_ALG")) {
+ if (!PR_GetEnvSecure("NSS_ALLOW_WEAK_SIGNATURE_ALG")) {
/* initialize any policy flags that are disabled by default */
xOids[SEC_OID_MD2 ].notPolicyFlags = ~0;
xOids[SEC_OID_MD4 ].notPolicyFlags = ~0;
xOids[SEC_OID_MD5 ].notPolicyFlags = ~0;
xOids[SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION ].notPolicyFlags = ~0;
xOids[SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION ].notPolicyFlags = ~0;
xOids[SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION ].notPolicyFlags = ~0;
xOids[SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC].notPolicyFlags = ~0;
xOids[SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC].notPolicyFlags = ~0;
}
/* turn off NSS_USE_POLICY_IN_SSL by default */
xOids[SEC_OID_APPLY_SSL_POLICY].notPolicyFlags = NSS_USE_POLICY_IN_SSL;
- envVal = PR_GetEnv("NSS_HASH_ALG_SUPPORT");
+ envVal = PR_GetEnvSecure("NSS_HASH_ALG_SUPPORT");
if (envVal)
handleHashAlgSupport(envVal);
if (secoid_InitDynOidData() != SECSuccess) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
PORT_Assert(0); /* this function should never fail */
return SECFailure;
}
--- a/lib/util/secport.c
+++ b/lib/util/secport.c
@@ -316,17 +316,17 @@ PORT_FreeArena(PLArenaPool *arena, PRBoo
return;
if (ARENAPOOL_MAGIC == pool->magic ) {
len = sizeof *pool;
lock = pool->lock;
PZ_Lock(lock);
}
if (!checkedEnv) {
/* no need for thread protection here */
- doFreeArenaPool = (PR_GetEnv("NSS_DISABLE_ARENA_FREE_LIST") == NULL);
+ doFreeArenaPool = (PR_GetEnvSecure("NSS_DISABLE_ARENA_FREE_LIST") == NULL);
checkedEnv = PR_TRUE;
}
if (zero) {
PL_ClearArenaPool(arena, 0);
}
if (doFreeArenaPool) {
PL_FreeArenaPool(arena);
} else {
--- a/lib/util/utilpars.c
+++ b/lib/util/utilpars.c
@@ -1078,17 +1078,17 @@ const char *
} else if (PORT_Strncmp(configdir, EXTERNDB, sizeof(EXTERNDB)-1) == 0) {
dbType = NSS_DB_TYPE_EXTERN;
configdir = configdir + sizeof(EXTERNDB) -1;
} else if (PORT_Strncmp(configdir, LEGACY, sizeof(LEGACY)-1) == 0) {
dbType = NSS_DB_TYPE_LEGACY;
configdir = configdir + sizeof(LEGACY) -1;
} else {
/* look up the default from the environment */
- char *defaultType = PR_GetEnv("NSS_DEFAULT_DB_TYPE");
+ char *defaultType = PR_GetEnvSecure("NSS_DEFAULT_DB_TYPE");
if (defaultType != NULL) {
if (PORT_Strncmp(defaultType, SQLDB, sizeof(SQLDB)-2) == 0) {
dbType = NSS_DB_TYPE_SQL;
} else if (PORT_Strncmp(defaultType,EXTERNDB,sizeof(EXTERNDB)-2)==0) {
dbType = NSS_DB_TYPE_EXTERN;
} else if (PORT_Strncmp(defaultType, LEGACY, sizeof(LEGACY)-2) == 0) {
dbType = NSS_DB_TYPE_LEGACY;
}