# HG changeset patch
# User Paul Eggert <eggert@cs.ucla.edu>
# Date 1360031603 28800
# Node ID 8108e0239bb69b3aae5f655861e31e5e3af19276
# Parent  c47552eff05bfdbfb88637122eabde3bf300acf6
secure_getenv: new module

* MODULES.html.sh (Extra functions based on ANSI C 89):
Add secure_getenv.
* doc/glibc-functions/secure_getenv.texi: New file.
* doc/gnulib.texi: Include it.
* lib/secure_getenv.c, m4/secure_getenv.m4, modules/secure_getenv:
New files.
* lib/stdlib.in.h (secure_getenv): New decl.
* m4/stdlib_h.m4 (gl_STDLIB_H, gl_STDLIB_H_DEFAULTS):
* modules/stdlib (stdlib.h):
Add secure_getenv checks.

diff -r c47552eff05b -r 8108e0239bb6 ChangeLog
--- a/ChangeLog	Mon Feb 04 05:43:29 2013 -0800
+++ b/ChangeLog	Mon Feb 04 18:33:23 2013 -0800
@@ -1,3 +1,17 @@
+2013-02-04  Paul Eggert  <eggert@cs.ucla.edu>
+
+	secure_getenv: new module
+	* MODULES.html.sh (Extra functions based on ANSI C 89):
+	Add secure_getenv.
+	* doc/glibc-functions/secure_getenv.texi: New file.
+	* doc/gnulib.texi: Include it.
+	* lib/secure_getenv.c, m4/secure_getenv.m4, modules/secure_getenv:
+	New files.
+	* lib/stdlib.in.h (secure_getenv): New decl.
+	* m4/stdlib_h.m4 (gl_STDLIB_H, gl_STDLIB_H_DEFAULTS):
+	* modules/stdlib (stdlib.h):
+	Add secure_getenv checks.
+
 2013-02-03  Paul Eggert  <eggert@cs.ucla.edu>
 
 	getcwd: break fdopendir + save_cwd recursive loop (Bug#13516)
diff -r c47552eff05b -r 8108e0239bb6 MODULES.html.sh
--- a/MODULES.html.sh	Mon Feb 04 05:43:29 2013 -0800
+++ b/MODULES.html.sh	Mon Feb 04 18:33:23 2013 -0800
@@ -1772,6 +1772,7 @@
 
   func_begin_table
   func_module putenv
+  func_module secure_getenv
   func_module setenv
   func_module unsetenv
   func_module xsetenv
diff -r c47552eff05b -r 8108e0239bb6 doc/glibc-functions/secure_getenv.texi
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/glibc-functions/secure_getenv.texi	Mon Feb 04 18:33:23 2013 -0800
@@ -0,0 +1,22 @@
+@node secure_getenv
+@subsection @code{secure_getenv}
+@findex secure_getenv
+
+Gnulib module: secure_getenv
+
+Portability problems fixed by Gnulib:
+@itemize
+@item
+This function is missing on some platforms:
+glibc 2.16, OS X 10.8, FreeBSD 9.1, NetBSD 6.0.1, OpenBSD 5.2, Minix 3.2.0,
+AIX 7.1, HP-UX 11, IRIX 6.5, Solaris 11, Cygwin, mingw, MSVC 9,
+Interix 6.1, BeOS.
+@end itemize
+
+Portability problems not fixed by Gnulib:
+@itemize
+@item
+On platforms other than glibc 2.0 and later, the Gnulib replacement
+function always returns a null pointer, even when invoked in a
+non-setuid program.
+@end itemize
diff -r c47552eff05b -r 8108e0239bb6 doc/gnulib.texi
--- a/doc/gnulib.texi	Mon Feb 04 05:43:29 2013 -0800
+++ b/doc/gnulib.texi	Mon Feb 04 18:33:23 2013 -0800
@@ -5870,6 +5870,7 @@
 * qsort_r::
 * random_r::
 * rpmatch::
+* secure_getenv::
 * seed48_r::
 * setstate_r::
 * srand48_r::
@@ -5914,6 +5915,7 @@
 @include glibc-functions/qsort_r.texi
 @include glibc-functions/random_r.texi
 @include glibc-functions/rpmatch.texi
+@include glibc-functions/secure_getenv.texi
 @include glibc-functions/seed48_r.texi
 @include glibc-functions/setstate_r.texi
 @include glibc-functions/srand48_r.texi
diff -r c47552eff05b -r 8108e0239bb6 lib/secure_getenv.c
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/lib/secure_getenv.c	Mon Feb 04 18:33:23 2013 -0800
@@ -0,0 +1,28 @@
+/* Look up an environment variable more securely.
+
+   Copyright 2013 Free Software Foundation, Inc.
+
+   This program is free software: you can redistribute it and/or modify it
+   under the terms of the GNU Lesser General Public License as published
+   by the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
+
+#include <stdlib.h>
+
+char *
+secure_getenv (char const *name)
+{
+#if HAVE___SECURE_GETENV
+  return __secure_getenv (name);
+#else
+  return 0;
+#endif
+}
diff -r c47552eff05b -r 8108e0239bb6 lib/stdlib.in.h
--- a/lib/stdlib.in.h	Mon Feb 04 05:43:29 2013 -0800
+++ b/lib/stdlib.in.h	Mon Feb 04 18:33:23 2013 -0800
@@ -767,6 +767,22 @@
 # endif
 #endif
 
+#if @GNULIB_SECURE_GETENV@
+/* Look up NAME in the environment, returning 0 in insecure situations.  */
+# if !@HAVE_SECURE_GETENV@
+_GL_FUNCDECL_SYS (secure_getenv, char *,
+                  (char const *name) _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (secure_getenv, int, (char const *name));
+_GL_CXXALIASWARN (secure_getenv);
+#elif defined GNULIB_POSIXCHECK
+# undef secure_getenv
+# if HAVE_RAW_DECL_SECURE_GETENV
+_GL_WARN_ON_USE (secure_getenv, "secure_getenv is unportable - "
+                 "use gnulib module secure_getenv for portability");
+# endif
+#endif
+
 #if @GNULIB_SETENV@
 /* Set NAME to VALUE in the environment.
    If REPLACE is nonzero, overwrite an existing value.  */
diff -r c47552eff05b -r 8108e0239bb6 m4/secure_getenv.m4
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/m4/secure_getenv.m4	Mon Feb 04 18:33:23 2013 -0800
@@ -0,0 +1,22 @@
+# Look up an environment variable more securely.
+dnl Copyright 2013 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_FUNC_SECURE_GETENV],
+[
+  dnl Persuade glibc <stdlib.h> to declare secure_getenv().
+  AC_REQUIRE([AC_USE_SYSTEM_EXTENSIONS])
+
+  AC_REQUIRE([gl_STDLIB_H_DEFAULTS])
+  AC_CHECK_FUNCS_ONCE([secure_getenv])
+  if test $ac_cv_func_secure_getenv = no; then
+    HAVE_SECURE_GETENV=0
+  fi
+])
+
+# Prerequisites of lib/secure_getenv.c.
+AC_DEFUN([gl_PREREQ_SECURE_GETENV], [
+  AC_CHECK_FUNCS([__secure_getenv])
+])
diff -r c47552eff05b -r 8108e0239bb6 m4/stdlib_h.m4
--- a/m4/stdlib_h.m4	Mon Feb 04 05:43:29 2013 -0800
+++ b/m4/stdlib_h.m4	Mon Feb 04 18:33:23 2013 -0800
@@ -1,4 +1,4 @@
-# stdlib_h.m4 serial 41
+# stdlib_h.m4 serial 42
 dnl Copyright (C) 2007-2013 Free Software Foundation, Inc.
 dnl This file is free software; the Free Software Foundation
 dnl gives unlimited permission to copy and/or distribute it,
@@ -22,7 +22,7 @@
     ]], [_Exit atoll canonicalize_file_name getloadavg getsubopt grantpt
     initstate initstate_r mkdtemp mkostemp mkostemps mkstemp mkstemps
     posix_openpt ptsname ptsname_r random random_r realpath rpmatch
-    setenv setstate setstate_r srandom srandom_r
+    secure_getenv setenv setstate setstate_r srandom srandom_r
     strtod strtoll strtoull unlockpt unsetenv])
 ])
 
@@ -60,6 +60,7 @@
   GNULIB_REALLOC_POSIX=0; AC_SUBST([GNULIB_REALLOC_POSIX])
   GNULIB_REALPATH=0;      AC_SUBST([GNULIB_REALPATH])
   GNULIB_RPMATCH=0;       AC_SUBST([GNULIB_RPMATCH])
+  GNULIB_SECURE_GETENV=0; AC_SUBST([GNULIB_SECURE_GETENV])
   GNULIB_SETENV=0;        AC_SUBST([GNULIB_SETENV])
   GNULIB_STRTOD=0;        AC_SUBST([GNULIB_STRTOD])
   GNULIB_STRTOLL=0;       AC_SUBST([GNULIB_STRTOLL])
@@ -88,6 +89,7 @@
   HAVE_RANDOM_R=1;           AC_SUBST([HAVE_RANDOM_R])
   HAVE_REALPATH=1;           AC_SUBST([HAVE_REALPATH])
   HAVE_RPMATCH=1;            AC_SUBST([HAVE_RPMATCH])
+  HAVE_SECURE_GETENV=1;      AC_SUBST([HAVE_SECURE_GETENV])
   HAVE_SETENV=1;             AC_SUBST([HAVE_SETENV])
   HAVE_DECL_SETENV=1;        AC_SUBST([HAVE_DECL_SETENV])
   HAVE_STRTOD=1;             AC_SUBST([HAVE_STRTOD])
diff -r c47552eff05b -r 8108e0239bb6 modules/secure_getenv
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/modules/secure_getenv	Mon Feb 04 18:33:23 2013 -0800
@@ -0,0 +1,31 @@
+Description:
+Look up an environment variable, returning 0 in insecure situations.
+
+Files:
+lib/secure_getenv.c
+m4/secure_getenv.m4
+
+Depends-on:
+stdlib
+extensions
+
+configure.ac:
+gl_FUNC_SECURE_GETENV
+if test $HAVE_SECURE_GETENV = 0; then
+  AC_LIBOBJ([secure_getenv])
+  gl_PREREQ_SECURE_GETENV
+fi
+gl_STDLIB_MODULE_INDICATOR([secure_getenv])
+
+Makefile.am:
+
+Include:
+<stdlib.h>
+
+Link:
+
+License:
+LGPLv2+
+
+Maintainer:
+all
diff -r c47552eff05b -r 8108e0239bb6 modules/stdlib
--- a/modules/stdlib	Mon Feb 04 05:43:29 2013 -0800
+++ b/modules/stdlib	Mon Feb 04 18:33:23 2013 -0800
@@ -54,6 +54,7 @@
 	      -e 's/@''GNULIB_REALLOC_POSIX''@/$(GNULIB_REALLOC_POSIX)/g' \
 	      -e 's/@''GNULIB_REALPATH''@/$(GNULIB_REALPATH)/g' \
 	      -e 's/@''GNULIB_RPMATCH''@/$(GNULIB_RPMATCH)/g' \
+	      -e 's/@''GNULIB_SECURE_GETENV''@/$(GNULIB_SECURE_GETENV)/g' \
 	      -e 's/@''GNULIB_SETENV''@/$(GNULIB_SETENV)/g' \
 	      -e 's/@''GNULIB_STRTOD''@/$(GNULIB_STRTOD)/g' \
 	      -e 's/@''GNULIB_STRTOLL''@/$(GNULIB_STRTOLL)/g' \
@@ -82,6 +83,7 @@
 	      -e 's|@''HAVE_RANDOM_R''@|$(HAVE_RANDOM_R)|g' \
 	      -e 's|@''HAVE_REALPATH''@|$(HAVE_REALPATH)|g' \
 	      -e 's|@''HAVE_RPMATCH''@|$(HAVE_RPMATCH)|g' \
+	      -e 's|@''HAVE_SECURE_GETENV''@|$(HAVE_SECURE_GETENV)|g' \
 	      -e 's|@''HAVE_DECL_SETENV''@|$(HAVE_DECL_SETENV)|g' \
 	      -e 's|@''HAVE_STRTOD''@|$(HAVE_STRTOD)|g' \
 	      -e 's|@''HAVE_STRTOLL''@|$(HAVE_STRTOLL)|g' \