[Opensrf-commits] r1304 - in trunk/src: jserver libopensrf

svn at svn.open-ils.org svn at svn.open-ils.org
Fri Apr 11 10:51:23 EDT 2008 

Author: miker
Date: 2008-04-11 10:13:49 -0400 (Fri, 11 Apr 2008)
New Revision: 1304

Modified:
   trunk/src/jserver/osrf_chat.c
   trunk/src/libopensrf/osrf_system.c
   trunk/src/libopensrf/transport_session.c
Log:
Patch from Scott McKellar:

These three patches are independent of each other, but they all do the
same thing.

In each case, we had been getting the local host name by reading the
environmental variable $HOSTNAME.  This approach normally works, but
it is vulnerable to abuse or error by a user who modifies the value
of that variable, or even unsets it altogether.

With these patches we will instead call gethostname(), which is not
affected by changes in the environment.



Modified: trunk/src/jserver/osrf_chat.c
===================================================================
--- trunk/src/jserver/osrf_chat.c	2008-04-11 14:03:27 UTC (rev 1303)
+++ trunk/src/jserver/osrf_chat.c	2008-04-11 14:13:49 UTC (rev 1304)
@@ -605,8 +605,11 @@
 
 
 char* osrfChatMkAuthKey() {
+	char hostname[HOST_NAME_MAX + 1] = "";
+	gethostname(hostname, sizeof(hostname) );
+	hostname[HOST_NAME_MAX] = '\0';
 	char keybuf[112];
-	snprintf(keybuf, sizeof(keybuf), "%d%ld%s", (int) time(NULL), (long) getpid(), getenv("HOSTNAME"));
+	snprintf(keybuf, sizeof(keybuf), "%d%ld%s", (int) time(NULL), (long) getpid(), hostname);
 	return strdup(shahash(keybuf));
 }
 

Modified: trunk/src/libopensrf/osrf_system.c
===================================================================
--- trunk/src/libopensrf/osrf_system.c	2008-04-11 14:03:27 UTC (rev 1303)
+++ trunk/src/libopensrf/osrf_system.c	2008-04-11 14:13:49 UTC (rev 1304)
@@ -412,14 +412,14 @@
 		domain, iport, unixpath ? unixpath : "(none)" );
 	transport_client* client = client_init( domain, iport, unixpath, 0 );
 
-	const char* host;
-	host = getenv("HOSTNAME");
+	char host[HOST_NAME_MAX + 1] = "";
+	gethostname(host, sizeof(host) );
+	host[HOST_NAME_MAX] = '\0';
 
 	char tbuf[32];
 	tbuf[0] = '\0';
 	snprintf(tbuf, 32, "%f", get_timestamp_millis());
 
-	if(!host) host = "";
 	if(!resource) resource = "";
 
 	int len = strlen(resource) + 256;

Modified: trunk/src/libopensrf/transport_session.c
===================================================================
--- trunk/src/libopensrf/transport_session.c	2008-04-11 14:03:27 UTC (rev 1303)
+++ trunk/src/libopensrf/transport_session.c	2008-04-11 14:13:49 UTC (rev 1304)
@@ -209,7 +209,9 @@
 	if( session->component ) {
 
 		/* the first Jabber connect stanza */
-		char* our_hostname = getenv("HOSTNAME");
+		char our_hostname[HOST_NAME_MAX + 1] = "";
+		gethostname(our_hostname, sizeof(our_hostname) );
+		our_hostname[HOST_NAME_MAX] = '\0';
 		size1 = 150 + strlen( server );
 		char stanza1[ size1 ]; 
 		snprintf( stanza1, sizeof(stanza1),

More information about the opensrf-commits mailing list