--- file-5.42/configure.ac | 2 ++ file-5.42/src/file.h | 8 ++++++++ file-5.42/src/magic.c | 12 ++++++------ 3 files changed, 16 insertions(+), 6 deletions(-) --- file-5.42/configure.ac +++ file-5.42/configure.ac 2022-06-13 08:34:50.347521415 +0000 @@ -122,6 +122,8 @@ if test "$enable_xzlib" != "no"; then fi AC_CHECK_TYPE([sig_t],[AC_DEFINE([HAVE_SIG_T],1,[Have sig_t type])],,[#include ]) +AC_CHECK_FUNCS([__secure_getenv secure_getenv]) + dnl Checks for typedefs, structures, and compiler characteristics. AC_TYPE_OFF_T AC_TYPE_SIZE_T --- file-5.42/src/file.h +++ file-5.42/src/file.h 2022-06-13 08:34:50.347521415 +0000 @@ -709,4 +709,12 @@ static const char *rcsid(const char *p) #define __RCSID(a) #endif +#ifndef HAVE_SECURE_GETENV +# ifdef HAVE___SECURE_GETENV +# define secure_getenv __secure_getenv +# else +# error neither secure_getenv nor __secure_getenv is available +# endif +#endif + #endif /* __file_h__ */ --- file-5.42/src/magic.c +++ file-5.42/src/magic.c 2022-06-13 08:36:49.997304349 +0000 @@ -185,7 +185,7 @@ get_default_magic(void) free(default_magic); default_magic = NULL; } - if ((home = getenv("HOME")) == NULL) + if ((home = secure_getenv("HOME")) == NULL) return MAGIC; if (asprintf(&hmagicpath, "%s/.magic.mgc", home) < 0) @@ -222,20 +222,20 @@ out: } /* Before anything else, try to get a magic file from user HOME */ - if ((home = getenv("HOME")) != NULL) + if ((home = secure_getenv("HOME")) != NULL) _w32_append_path(&hmagicpath, "%s%s", home, hmagic); /* First, try to get a magic file from user-application data */ - if ((home = getenv("LOCALAPPDATA")) != NULL) + if ((home = secure_getenv("LOCALAPPDATA")) != NULL) _w32_append_path(&hmagicpath, "%s%s", home, hmagic); /* Second, try to get a magic file from the user profile data */ - if ((home = getenv("USERPROFILE")) != NULL) + if ((home = secure_getenv("USERPROFILE")) != NULL) _w32_append_path(&hmagicpath, "%s/Local Settings/Application Data%s", home, hmagic); /* Third, try to get a magic file from Common Files */ - if ((home = getenv("COMMONPROGRAMFILES")) != NULL) + if ((home = secure_getenv("COMMONPROGRAMFILES")) != NULL) _w32_append_path(&hmagicpath, "%s%s", home, hmagic); /* Fourth, try to get magic file relative to exe location */ @@ -256,7 +256,7 @@ magic_getpath(const char *magicfile, int if (magicfile != NULL) return magicfile; - magicfile = getenv("MAGIC"); + magicfile = secure_getenv("MAGIC"); if (magicfile != NULL) return magicfile;