@@ -167,7 +167,7 @@ static node_module* modlist_addon;
167
167
168
168
#if defined(NODE_HAVE_I18N_SUPPORT)
169
169
// Path to ICU data (for i18n / Intl)
170
- static const char * icu_data_dir = nullptr ;
170
+ static std::string icu_data_dir; // NOLINT(runtime/string)
171
171
#endif
172
172
173
173
// used by C++ modules as well
@@ -945,12 +945,21 @@ Local<Value> UVException(Isolate* isolate,
945
945
946
946
947
947
// Look up environment variable unless running as setuid root.
948
- inline const char * secure_getenv (const char * key) {
948
+ inline bool SafeGetenv (const char * key, std::string* text ) {
949
949
#ifndef _WIN32
950
- if (getuid () != geteuid () || getgid () != getegid ())
951
- return nullptr ;
950
+ // TODO(bnoordhuis) Should perhaps also check whether getauxval(AT_SECURE)
951
+ // is non-zero on Linux.
952
+ if (getuid () != geteuid () || getgid () != getegid ()) {
953
+ text->clear ();
954
+ return false ;
955
+ }
952
956
#endif
953
- return getenv (key);
957
+ if (const char * value = getenv (key)) {
958
+ *text = value;
959
+ return true ;
960
+ }
961
+ text->clear ();
962
+ return false ;
954
963
}
955
964
956
965
@@ -3136,11 +3145,11 @@ void SetupProcessObject(Environment* env,
3136
3145
" icu" ,
3137
3146
OneByteString (env->isolate (), U_ICU_VERSION));
3138
3147
3139
- if (icu_data_dir != nullptr ) {
3148
+ if (!icu_data_dir. empty () ) {
3140
3149
// Did the user attempt (via env var or parameter) to set an ICU path?
3141
3150
READONLY_PROPERTY (process,
3142
3151
" icu_data_dir" ,
3143
- OneByteString (env->isolate (), icu_data_dir));
3152
+ OneByteString (env->isolate (), icu_data_dir. c_str () ));
3144
3153
}
3145
3154
#endif
3146
3155
@@ -3855,7 +3864,7 @@ static void ParseArgs(int* argc,
3855
3864
#endif /* HAVE_OPENSSL */
3856
3865
#if defined(NODE_HAVE_I18N_SUPPORT)
3857
3866
} else if (strncmp (arg, " --icu-data-dir=" , 15 ) == 0 ) {
3858
- icu_data_dir = arg + 15 ;
3867
+ icu_data_dir. assign ( arg + 15 ) ;
3859
3868
#endif
3860
3869
} else if (strcmp (arg, " --expose-internals" ) == 0 ||
3861
3870
strcmp (arg, " --expose_internals" ) == 0 ) {
@@ -4372,12 +4381,11 @@ void Init(int* argc,
4372
4381
#endif
4373
4382
4374
4383
#if defined(NODE_HAVE_I18N_SUPPORT)
4375
- if (icu_data_dir == nullptr ) {
4376
- // if the parameter isn't given, use the env variable.
4377
- icu_data_dir = secure_getenv (" NODE_ICU_DATA" );
4378
- }
4384
+ // If the parameter isn't given, use the env variable.
4385
+ if (icu_data_dir.empty ())
4386
+ SafeGetenv (" NODE_ICU_DATA" , &icu_data_dir);
4379
4387
// Initialize ICU.
4380
- // If icu_data_dir is nullptr here, it will load the 'minimal' data.
4388
+ // If icu_data_dir is empty here, it will load the 'minimal' data.
4381
4389
if (!i18n::InitializeICUDirectory (icu_data_dir)) {
4382
4390
FatalError (nullptr , " Could not initialize ICU "
4383
4391
" (check NODE_ICU_DATA or --icu-data-dir parameters)" );
@@ -4718,8 +4726,11 @@ int Start(int argc, char** argv) {
4718
4726
Init (&argc, const_cast <const char **>(argv), &exec_argc, &exec_argv);
4719
4727
4720
4728
#if HAVE_OPENSSL
4721
- if (const char * extra = secure_getenv (" NODE_EXTRA_CA_CERTS" ))
4722
- crypto::UseExtraCaCerts (extra);
4729
+ {
4730
+ std::string extra_ca_certs;
4731
+ if (SafeGetenv (" NODE_EXTRA_CA_CERTS" , &extra_ca_certs))
4732
+ crypto::UseExtraCaCerts (extra_ca_certs);
4733
+ }
4723
4734
#ifdef NODE_FIPS_MODE
4724
4735
// In the case of FIPS builds we should make sure
4725
4736
// the random source is properly initialized first.
@@ -4728,7 +4739,7 @@ int Start(int argc, char** argv) {
4728
4739
// V8 on Windows doesn't have a good source of entropy. Seed it from
4729
4740
// OpenSSL's pool.
4730
4741
V8::SetEntropySource (crypto::EntropySource);
4731
- #endif
4742
+ #endif // HAVE_OPENSSL
4732
4743
4733
4744
v8_platform.Initialize (v8_thread_pool_size);
4734
4745
V8::Initialize ();
0 commit comments