URL: https://github.com/SSSD/sssd/pull/5709
Title: #5709: General: Hardening getenv() usage

mzidek-gh commented:
"""
Hi,

I have one suggestion. Creating a utility function
`int sss_getenv(char *variable_name, char **_value)` to use where SSSD now
uses normal getenv. The function would internally call getenv and return
ENOENT if getenv returns NULL. If getenv succeeds normally then it would call
talloc_strdup and return ENOMEM if talloc fails. If talloc succeeds the
results will be put in the output variable _value and the function would
return 0/EOK.

This way you can check for both out of memory and "no such variable" cases 
while narrowing the theoretical issues with overwriting the memory location 
returned by getenv to a minimum. Currently you do not distinguish between the 
two cases and it is not good IMO.

In the client code you can make a static version of that function with malloc, 
maybe calling it sss_cli_getenv.

Just my 2c :)
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5709#issuecomment-881350148
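
A sketch of the malloc-based client variant suggested in the comment above, as an added example that is not part of the original comment or of SSSD's code. The name sss_cli_getenv comes from the comment; the const-qualified argument, the EINVAL check and the SSS_EXAMPLE_VAR variable are assumptions of this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* setenv()/unsetenv() in the demo below */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Sketch of the malloc-based client helper the comment proposes.
 * Returns 0 and a private copy in *_value (caller frees), ENOENT if the
 * variable is unset, ENOMEM if the copy fails. EINVAL for NULL arguments
 * is an assumption of this example. */
static int sss_cli_getenv(const char *variable_name, char **_value)
{
    const char *env;
    char *copy;
    size_t len;

    if (variable_name == NULL || _value == NULL) return EINVAL;
    *_value = NULL;

    env = getenv(variable_name);
    if (env == NULL) return ENOENT;

    /* Copy right away: the buffer getenv() returns belongs to the
     * environment and can change on a later setenv()/putenv(). */
    len = strlen(env) + 1;
    copy = malloc(len);
    if (copy == NULL) return ENOMEM;
    memcpy(copy, env, len);

    *_value = copy;
    return 0;
}

int main(void)
{
    char *val = NULL;
    int ret;

    setenv("SSS_EXAMPLE_VAR", "first", 1);  /* constructed sample variable */
    ret = sss_cli_getenv("SSS_EXAMPLE_VAR", &val);
    setenv("SSS_EXAMPLE_VAR", "second", 1); /* environment changes afterwards */
    printf("ret=%d copy=%s\n", ret, val != NULL ? val : "(null)");
    free(val);
    unsetenv("SSS_EXAMPLE_VAR");
    printf("unset: ret=%d\n", sss_cli_getenv("SSS_EXAMPLE_VAR", &val));
    return 0;
}
```

The caller can branch on ENOENT and ENOMEM separately, and the returned copy stays valid even if the environment is modified later.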