These three patches are independent of each other, but they all do the
same thing.
In each case, we had been getting the local host name by reading the
environmental variable $HOSTNAME. This approach normally works, but
it is vulnerable to abuse or error by a user who modifies the value
of that variable, or even unsets it altogether.
With these patches we will instead call gethostname(), which is not
affected by changes in the environment.
git-svn-id: svn://svn.open-ils.org/OpenSRF/trunk@1304
9efc2488-bf62-4759-914b-
345cdb29e865
char* osrfChatMkAuthKey() {
+ char hostname[HOST_NAME_MAX + 1] = "";
+ gethostname(hostname, sizeof(hostname) );
+ hostname[HOST_NAME_MAX] = '\0';
char keybuf[112];
- snprintf(keybuf, sizeof(keybuf), "%d%ld%s", (int) time(NULL), (long) getpid(), getenv("HOSTNAME"));
+ snprintf(keybuf, sizeof(keybuf), "%d%ld%s", (int) time(NULL), (long) getpid(), hostname);
return strdup(shahash(keybuf));
}
domain, iport, unixpath ? unixpath : "(none)" );
transport_client* client = client_init( domain, iport, unixpath, 0 );
- const char* host;
- host = getenv("HOSTNAME");
+ char host[HOST_NAME_MAX + 1] = "";
+ gethostname(host, sizeof(host) );
+ host[HOST_NAME_MAX] = '\0';
char tbuf[32];
tbuf[0] = '\0';
snprintf(tbuf, 32, "%f", get_timestamp_millis());
- if(!host) host = "";
if(!resource) resource = "";
int len = strlen(resource) + 256;
if( session->component ) {
/* the first Jabber connect stanza */
- char* our_hostname = getenv("HOSTNAME");
+ char our_hostname[HOST_NAME_MAX + 1] = "";
+ gethostname(our_hostname, sizeof(our_hostname) );
+ our_hostname[HOST_NAME_MAX] = '\0';
size1 = 150 + strlen( server );
char stanza1[ size1 ];
snprintf( stanza1, sizeof(stanza1),
projects / OpenSRF.git / commitdiff