hardening: Use __secure_getenv() in *addition* to _dbus_check_setuid()

[platform/upstream/dbus.git] / dbus / dbus-keyring.c

diff --git a/dbus/dbus-keyring.c b/dbus/dbus-keyring.c
index 23b9df5..2516bc3 100644 (file)
--- a/dbus/dbus-keyring.c
+++ b/dbus/dbus-keyring.c
@@ -717,6 +717,19 @@ _dbus_keyring_new_for_credentials (DBusCredentials  *credentials,
   DBusCredentials *our_credentials;
   
   _DBUS_ASSERT_ERROR_IS_CLEAR (error);
+
+  if (_dbus_getenv ("HOME") == NULL)
+    {
+      dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED,
+                            "Unable to create DBus keyring with no $HOME");
+      return FALSE;
+    }
+  if (_dbus_check_setuid ())
+    {
+      dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED,
+                            "Unable to create DBus keyring when setuid");
+      return NULL;
+    }
   
   keyring = NULL;
   error_set = FALSE;