From 89dc9627c05a8d252c9abe5dd76217b11b711b6b Mon Sep 17 00:00:00 2001
From: miker <miker@9efc2488-bf62-4759-914b-345cdb29e865>
Date: Fri, 11 Apr 2008 14:13:49 +0000
Subject: [PATCH 1/1] Patch from Scott McKellar:

These three patches are independent of each other, but they all do the
same thing.

In each case, we had been getting the local host name by reading the
environmental variable $HOSTNAME.  This approach normally works, but
it is vulnerable to abuse or error by a user who modifies the value
of that variable, or even unsets it altogether.

With these patches we will instead call gethostname(), which is not
affected by changes in the environment.



git-svn-id: svn://svn.open-ils.org/OpenSRF/trunk@1304 9efc2488-bf62-4759-914b-345cdb29e865
---
 src/jserver/osrf_chat.c            | 5 ++++-
 src/libopensrf/osrf_system.c       | 6 +++---
 src/libopensrf/transport_session.c | 4 +++-
 3 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/jserver/osrf_chat.c b/src/jserver/osrf_chat.c
index 069448a..f09d636 100644
--- a/src/jserver/osrf_chat.c
+++ b/src/jserver/osrf_chat.c
@@ -605,8 +605,11 @@ int osrfChatHandleNewConnection( osrfChatNode* node, const char* name, const xml
 
 
 char* osrfChatMkAuthKey() {
+	char hostname[HOST_NAME_MAX + 1] = "";
+	gethostname(hostname, sizeof(hostname) );
+	hostname[HOST_NAME_MAX] = '\0';
 	char keybuf[112];
-	snprintf(keybuf, sizeof(keybuf), "%d%ld%s", (int) time(NULL), (long) getpid(), getenv("HOSTNAME"));
+	snprintf(keybuf, sizeof(keybuf), "%d%ld%s", (int) time(NULL), (long) getpid(), hostname);
 	return strdup(shahash(keybuf));
 }
 
diff --git a/src/libopensrf/osrf_system.c b/src/libopensrf/osrf_system.c
index 8a805d3..d2b8cb0 100644
--- a/src/libopensrf/osrf_system.c
+++ b/src/libopensrf/osrf_system.c
@@ -412,14 +412,14 @@ int osrfSystemBootstrapClientResc( const char* config_file,
 		domain, iport, unixpath ? unixpath : "(none)" );
 	transport_client* client = client_init( domain, iport, unixpath, 0 );
 
-	const char* host;
-	host = getenv("HOSTNAME");
+	char host[HOST_NAME_MAX + 1] = "";
+	gethostname(host, sizeof(host) );
+	host[HOST_NAME_MAX] = '\0';
 
 	char tbuf[32];
 	tbuf[0] = '\0';
 	snprintf(tbuf, 32, "%f", get_timestamp_millis());
 
-	if(!host) host = "";
 	if(!resource) resource = "";
 
 	int len = strlen(resource) + 256;
diff --git a/src/libopensrf/transport_session.c b/src/libopensrf/transport_session.c
index 6d67cec..1854ee7 100644
--- a/src/libopensrf/transport_session.c
+++ b/src/libopensrf/transport_session.c
@@ -209,7 +209,9 @@ int session_connect( transport_session* session,
 	if( session->component ) {
 
 		/* the first Jabber connect stanza */
-		char* our_hostname = getenv("HOSTNAME");
+		char our_hostname[HOST_NAME_MAX + 1] = "";
+		gethostname(our_hostname, sizeof(our_hostname) );
+		our_hostname[HOST_NAME_MAX] = '\0';
 		size1 = 150 + strlen( server );
 		char stanza1[ size1 ]; 
 		snprintf( stanza1, sizeof(stanza1),
-- 
2.43.2