Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/ffi/ffi.cpp | 2 | ||||
-rw-r--r-- | src/lib/utils/os_utils.cpp | 21 | ||||
-rw-r--r-- | src/lib/utils/os_utils.h | 8 |
3 files changed, 22 insertions, 9 deletions
diff --git a/src/lib/ffi/ffi.cpp b/src/lib/ffi/ffi.cpp
index cfc2cb2d5..b0c1f6e71 100644
--- a/src/lib/ffi/ffi.cpp
+++ b/src/lib/ffi/ffi.cpp
@@ -18,7 +18,7 @@ namespace Botan_FFI {
 int ffi_error_exception_thrown(const char* func_name, const char* exn, int rc)
 {
- if(Botan::OS::running_in_privileged_state() == false && std::getenv("BOTAN_FFI_PRINT_EXCEPTIONS") != nullptr)
+ if(Botan::OS::read_env_variable("BOTAN_FFI_PRINT_EXCEPTIONS") != nullptr)
 {
 std::fprintf(stderr, "in %s exception '%s' returning %d\n", func_name, exn, rc);
 }
diff --git a/src/lib/utils/os_utils.cpp b/src/lib/utils/os_utils.cpp
index 265d4aac2..e5267cad6 100644
--- a/src/lib/utils/os_utils.cpp
+++ b/src/lib/utils/os_utils.cpp
@@ -267,17 +267,14 @@ size_t OS::get_memory_locking_limit()
 /*
 * Allow override via env variable
 */
- if(OS::running_in_privileged_state() == false)
+ if(const char* env = read_env_variable("BOTAN_MLOCK_POOL_SIZE"))
 {
- if(const char* env = std::getenv("BOTAN_MLOCK_POOL_SIZE"))
+ try
 {
- try
- {
- const size_t user_req = std::stoul(env, nullptr);
- mlock_requested = std::min(user_req, mlock_requested);
- }
- catch(std::exception&) { /* ignore it */ }
+ const size_t user_req = std::stoul(env, nullptr);
+ mlock_requested = std::min(user_req, mlock_requested);
 }
+ catch(std::exception&) { /* ignore it */ }
 }
 if(mlock_requested > 0)
@@ -328,6 +325,14 @@ size_t OS::get_memory_locking_limit()
 return 0;
 }
+const char* OS::read_env_variable(const std::string& name)
+ {
+ if(running_in_privileged_state())
+ return nullptr;
+
+ return std::getenv(name.c_str());
+ }
+
 void* OS::allocate_locked_pages(size_t length)
 {
 #if defined(BOTAN_TARGET_OS_HAS_POSIX1) && defined(BOTAN_TARGET_OS_HAS_POSIX_MLOCK)
diff --git a/src/lib/utils/os_utils.h b/src/lib/utils/os_utils.h
index 24cbdd5a3..a6044dd18 100644
--- a/src/lib/utils/os_utils.h
+++ b/src/lib/utils/os_utils.h
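Review bot: In src/lib/ffi/ffi.cpp, the new call in `ffi_error_exception_thrown` passes a string literal to a helper declared as `read_env_variable(const std::string&)`, so each reported exception now builds a temporary `std::string` before the environment is consulted. This is the FFI error-reporting path, and it presumably also runs when the exception being reported is an allocation failure; a throwing string construction here would be a failure mode the old `std::getenv` call did not have. Consider a `const char*` parameter on the helper so this path stays allocation-free. The function's body continues past the end of the hunk.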
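Review bot: In `OS::get_memory_locking_limit` (src/lib/utils/os_utils.cpp), `std::stoul(env, nullptr)` discards the parse position, so a BOTAN_MLOCK_POOL_SIZE value with trailing characters is accepted as its numeric prefix and can silently shrink the locked pool. Because the result is only applied through `std::min`, the variable cannot raise the limit, but an unintended small value still reduces how much memory gets locked. Requiring a full parse would reject malformed values: `size_t pos = 0; const size_t user_req = std::stoul(env, &pos);` followed by `if(env[pos] == '\0') mlock_requested = std::min(user_req, mlock_requested);`. The function starts before and ends after this hunk.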
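Review bot: `OS::read_env_variable` in src/lib/utils/os_utils.cpp returns the pointer from `std::getenv` unchanged, and neither the definition nor the os_utils.h comment tells callers how long that pointer stays valid. The storage belongs to the process environment and may be changed by a later `setenv`/`putenv`-style call, so callers should copy the value rather than keep the pointer. I would add a line to the doc comment such as `* The returned pointer is owned by the environment; copy it if it must outlive later environment changes.` The privileged-state decision rests entirely on `running_in_privileged_state()`, which is not visible in this hunk.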
@@ -80,6 +80,14 @@ size_t get_memory_locking_limit();
 size_t system_page_size();
 /**
+* Read the value of an environment variable. Return nullptr if
+* no such variable is set. If the process seems to be running in
+* a privileged state (such as setuid) then always returns nullptr,
+* similiar to glibc's secure_getenv.
+*/
+const char* read_env_variable(const std::string& var_name);
+
+/**
 * Request so many bytes of page-aligned RAM locked into memory using
 * mlock, VirtualLock, or similar. Returns null on failure. The memory
 * returned is zeroed. Free it with free_locked_pages. |
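Review bot: The declaration added to src/lib/utils/os_utils.h names its parameter `var_name` while the definition in os_utils.cpp uses `name`, and the doc comment misspells "similar" as "similiar". Using one name in both places keeps the header documentation and the source in step: `const char* read_env_variable(const std::string& name);`. The comment also mixes "Return nullptr" with "always returns nullptr"; one verb form throughout would read better.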