--- file-5.35/configure.ac | 2 ++ file-5.35/src/file.c | 2 +- file-5.35/src/file.h | 8 ++++++++ file-5.35/src/magic.c | 10 +++++----- 4 files changed, 16 insertions(+), 6 deletions(-) --- file-5.35/configure.ac +++ file-5.35/configure.ac 2018-10-22 07:58:32.773294624 +0000 @@ -99,6 +99,8 @@ if test "$enable_zlib" != "no"; then fi AC_CHECK_TYPE([sig_t],[AC_DEFINE([HAVE_SIG_T],1,[Have sig_t type])],,[#include ]) +AC_CHECK_FUNCS([__secure_getenv secure_getenv]) + dnl Checks for typedefs, structures, and compiler characteristics. AC_C_CONST AC_TYPE_OFF_T --- file-5.35/src/file.c +++ file-5.35/src/file.c 2018-10-22 07:57:43.206223603 +0000 @@ -651,7 +651,7 @@ docprint(const char *opts, int def) private void help(void) { - const unsigned long posix = (unsigned long)getenv("POSIXLY_CORRECT"); + const unsigned long posix = (unsigned long)secure_getenv("POSIXLY_CORRECT"); (void)fputs( "Usage: file [OPTION...] [FILE...]\n" "Determine type of FILEs.\n" --- file-5.35/src/file.h +++ file-5.35/src/file.h 2018-10-22 07:57:43.206223603 +0000 @@ -658,4 +658,12 @@ static const char *rcsid(const char *p) #define __RCSID(a) #endif +#ifndef HAVE_SECURE_GETENV +# ifdef HAVE___SECURE_GETENV +# define secure_getenv __secure_getenv +# else +# error neither secure_getenv nor __secure_getenv is available +# endif +#endif + #endif /* __file_h__ */ --- file-5.35/src/magic.c +++ file-5.35/src/magic.c 2018-10-22 07:57:43.206223603 +0000 @@ -183,7 +183,7 @@ get_default_magic(void) free(default_magic); default_magic = NULL; } - if ((home = getenv("HOME")) == NULL) + if ((home = secure_getenv("HOME")) == NULL) return MAGIC; if (asprintf(&hmagicpath, "%s/.magic.mgc", home) < 0) @@ -220,16 +220,16 @@ out: } /* First, try to get a magic file from user-application data */ - if ((home = getenv("LOCALAPPDATA")) != NULL) + if ((home = secure_getenv("LOCALAPPDATA")) != NULL) _w32_append_path(&hmagicpath, "%s%s", home, hmagic); /* Second, try to get a magic file from the user profile data */ - if ((home = getenv("USERPROFILE")) != NULL) + if ((home = secure_getenv("USERPROFILE")) != NULL) _w32_append_path(&hmagicpath, "%s/Local Settings/Application Data%s", home, hmagic); /* Third, try to get a magic file from Common Files */ - if ((home = getenv("COMMONPROGRAMFILES")) != NULL) + if ((home = secure_getenv("COMMONPROGRAMFILES")) != NULL) _w32_append_path(&hmagicpath, "%s%s", home, hmagic); /* Fourth, try to get magic file relative to exe location */ @@ -250,7 +250,7 @@ magic_getpath(const char *magicfile, int if (magicfile != NULL) return magicfile; - magicfile = getenv("MAGIC"); + magicfile = secure_getenv("MAGIC"); if (magicfile != NULL) return magicfile;