--- file-5.29/configure.ac | 2 ++ file-5.29/src/file.c | 2 +- file-5.29/src/file.h | 8 ++++++++ file-5.29/src/magic.c | 10 +++++----- 4 files changed, 16 insertions(+), 6 deletions(-) --- file-5.29/configure.ac +++ file-5.29/configure.ac 2016-11-24 09:13:33.451612426 +0000 @@ -102,6 +102,8 @@ AC_CHECK_TYPE([sig_t],[AC_DEFINE([HAVE_S #include #endif]) +AC_CHECK_FUNCS([__secure_getenv secure_getenv]) + dnl Checks for typedefs, structures, and compiler characteristics. AC_C_CONST AC_TYPE_OFF_T --- file-5.29/src/file.c +++ file-5.29/src/file.c 2016-11-24 09:13:33.451612426 +0000 @@ -648,7 +648,7 @@ docprint(const char *opts, int def) private void help(void) { - const unsigned long posix = (unsigned long)getenv("POSIXLY_CORRECT"); + const unsigned long posix = (unsigned long)secure_getenv("POSIXLY_CORRECT"); (void)fputs( "Usage: file [OPTION...] [FILE...]\n" "Determine type of FILEs.\n" --- file-5.29/src/file.h +++ file-5.29/src/file.h 2016-11-24 09:13:33.451612426 +0000 @@ -652,4 +652,12 @@ static const char *rcsid(const char *p) #define __RCSID(a) #endif +#ifndef HAVE_SECURE_GETENV +# ifdef HAVE___SECURE_GETENV +# define secure_getenv __secure_getenv +# else +# error neither secure_getenv nor __secure_getenv is available +# endif +#endif + #endif /* __file_h__ */ --- file-5.29/src/magic.c +++ file-5.29/src/magic.c 2016-11-24 09:13:33.451612426 +0000 @@ -185,7 +185,7 @@ get_default_magic(void) free(default_magic); default_magic = NULL; } - if ((home = getenv("HOME")) == NULL) + if ((home = secure_getenv("HOME")) == NULL) return MAGIC; if (asprintf(&hmagicpath, "%s/.magic.mgc", home) < 0) @@ -222,16 +222,16 @@ out: } /* First, try to get a magic file from user-application data */ - if ((home = getenv("LOCALAPPDATA")) != NULL) + if ((home = secure_getenv("LOCALAPPDATA")) != NULL) _w32_append_path(&hmagicpath, "%s%s", home, hmagic); /* Second, try to get a magic file from the user profile data */ - if ((home = getenv("USERPROFILE")) != NULL) + if ((home = secure_getenv("USERPROFILE")) != NULL) _w32_append_path(&hmagicpath, "%s/Local Settings/Application Data%s", home, hmagic); /* Third, try to get a magic file from Common Files */ - if ((home = getenv("COMMONPROGRAMFILES")) != NULL) + if ((home = secure_getenv("COMMONPROGRAMFILES")) != NULL) _w32_append_path(&hmagicpath, "%s%s", home, hmagic); /* Fourth, try to get magic file relative to exe location */ @@ -252,7 +252,7 @@ magic_getpath(const char *magicfile, int if (magicfile != NULL) return magicfile; - magicfile = getenv("MAGIC"); + magicfile = secure_getenv("MAGIC"); if (magicfile != NULL) return magicfile;