--- file-5.38/configure.ac | 2 ++ file-5.38/src/file.c | 2 +- file-5.38/src/file.h | 8 ++++++++ file-5.38/src/magic.c | 10 +++++----- 4 files changed, 16 insertions(+), 6 deletions(-) Index: file-5.38/configure.ac =================================================================== --- file-5.38.orig/configure.ac +++ file-5.38/configure.ac @@ -114,6 +114,8 @@ if test "$enable_xzlib" != "no"; then fi AC_CHECK_TYPE([sig_t],[AC_DEFINE([HAVE_SIG_T],1,[Have sig_t type])],,[#include ]) +AC_CHECK_FUNCS([__secure_getenv secure_getenv]) + dnl Checks for typedefs, structures, and compiler characteristics. AC_TYPE_OFF_T AC_TYPE_SIZE_T Index: file-5.38/src/file.h =================================================================== --- file-5.38.orig/src/file.h +++ file-5.38/src/file.h @@ -700,4 +700,12 @@ static const char *rcsid(const char *p) #define __RCSID(a) #endif +#ifndef HAVE_SECURE_GETENV +# ifdef HAVE___SECURE_GETENV +# define secure_getenv __secure_getenv +# else +# error neither secure_getenv nor __secure_getenv is available +# endif +#endif + #endif /* __file_h__ */ Index: file-5.38/src/magic.c =================================================================== --- file-5.38.orig/src/magic.c +++ file-5.38/src/magic.c @@ -185,7 +185,7 @@ get_default_magic(void) free(default_magic); default_magic = NULL; } - if ((home = getenv("HOME")) == NULL) + if ((home = secure_getenv("HOME")) == NULL) return MAGIC; if (asprintf(&hmagicpath, "%s/.magic.mgc", home) < 0) @@ -222,16 +222,16 @@ out: } /* First, try to get a magic file from user-application data */ - if ((home = getenv("LOCALAPPDATA")) != NULL) + if ((home = secure_getenv("LOCALAPPDATA")) != NULL) _w32_append_path(&hmagicpath, "%s%s", home, hmagic); /* Second, try to get a magic file from the user profile data */ - if ((home = getenv("USERPROFILE")) != NULL) + if ((home = secure_getenv("USERPROFILE")) != NULL) _w32_append_path(&hmagicpath, "%s/Local Settings/Application Data%s", home, hmagic); /* Third, try to get a magic file from Common Files */ - if ((home = getenv("COMMONPROGRAMFILES")) != NULL) + if ((home = secure_getenv("COMMONPROGRAMFILES")) != NULL) _w32_append_path(&hmagicpath, "%s%s", home, hmagic); /* Fourth, try to get magic file relative to exe location */ @@ -252,7 +252,7 @@ magic_getpath(const char *magicfile, int if (magicfile != NULL) return magicfile; - magicfile = getenv("MAGIC"); + magicfile = secure_getenv("MAGIC"); if (magicfile != NULL) return magicfile;