Commit 788d2fa0 authored by Pauli's avatar Pauli

Merge 1.0.2 setuid calls to getenv(3) safety.



Manual merge of #7047 to 1.0.2-stable.

Reviewed-by: default avatarBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7300)
parent 2b872562
+4 −2
@@ -36,9 +36,11 @@ TEST=constant_time_test.c
LIB= $(TOP)/libcrypto.a
SHARED_LIB= libcrypto$(SHLIB_EXT)
LIBSRC=	cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
	ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c
	ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c \
	getenv.c
LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o \
	uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o $(CPUID_OBJ)
	uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o getenv.o \
	$(CPUID_OBJ)

SRC= $(LIBSRC)

+3 −2
@@ -66,6 +66,7 @@
#include <assert.h>
#include <stdlib.h>
#include <string.h>
#include "cryptlib.h"
#include <openssl/conf.h>
#include <openssl/conf_api.h>
#include "e_os.h"
@@ -141,7 +142,7 @@ char *_CONF_get_string(const CONF *conf, const char *section,
            if (v != NULL)
                return (v->value);
            if (strcmp(section, "ENV") == 0) {
                p = getenv(name);
                p = ossl_safe_getenv(name);
                if (p != NULL)
                    return (p);
            }
@@ -154,7 +155,7 @@ char *_CONF_get_string(const CONF *conf, const char *section,
        else
            return (NULL);
    } else
        return (getenv(name));
        return (ossl_safe_getenv(name));
}

#if 0                           /* There's no way to provide error checking
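Review bot: The two replaced lookups in `_CONF_get_string` (the `ENV` section branch and the `conf == NULL` fallback) have no comment saying that the result can now be NULL even when the variable is set. `ossl_safe_getenv` is not defined on the part of the page shown here, but the commit title suggests it refuses the lookup in setuid programs, so an `ENV` reference in a configuration file would presumably resolve to nothing in such a process. I would add above the first call `/* ossl_safe_getenv() may return NULL for a variable that is set (e.g. in a setuid process) */`, and note the same for the `OPENSSL_CONF` lookup in `CONF_get1_default_config_file`, where the variable is then ignored and the code after `if (file)` runs instead. The body of `_CONF_get_string` starts outside these hunks.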
+1 −1
@@ -530,7 +530,7 @@ char *CONF_get1_default_config_file(void)
    char *file;
    int len;

    file = getenv("OPENSSL_CONF");
    file = ossl_safe_getenv("OPENSSL_CONF");
    if (file)
        return BUF_strdup(file);

+2 −0
@@ -104,6 +104,8 @@ void OPENSSL_showfatal(const char *fmta, ...);
void *OPENSSL_stderr(void);
extern int OPENSSL_NONPIC_relocated;

char *ossl_safe_getenv(const char *);

#ifdef  __cplusplus
}
#endif
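Review bot: The new prototype `char *ossl_safe_getenv(const char *);` omits the parameter name and has no comment, so a reader of this header cannot tell how it differs from getenv(3). I would write `char *ossl_safe_getenv(const char *name);` with a short comment above it stating the condition under which it returns NULL. The comment should also say that the returned string belongs to the environment and must not be freed or modified. That ownership rule is presumably inherited from getenv(3) and should be confirmed against getenv.c, which is not shown here.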
+3 −2
@@ -62,6 +62,7 @@
 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
 */

#include "cryptlib.h"
#include "eng_int.h"

/*
@@ -369,10 +370,10 @@ ENGINE *ENGINE_by_id(const char *id)
     */
    if (strcmp(id, "dynamic")) {
# ifdef OPENSSL_SYS_VMS
        if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
        if ((load_dir = ossl_safe_getenv("OPENSSL_ENGINES")) == 0)
            load_dir = "SSLROOT:[ENGINES]";
# else
        if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
        if ((load_dir = ossl_safe_getenv("OPENSSL_ENGINES")) == 0)
            load_dir = ENGINESDIR;
# endif
        iterator = ENGINE_by_id("dynamic");
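Review bot: Both arms of `# ifdef OPENSSL_SYS_VMS` repeat the same `ossl_safe_getenv("OPENSSL_ENGINES")` test and differ only in the fallback string, and the pointer is compared with `0` rather than `NULL`. The duplication predates this commit, but `load_dir` appears to name the directory the dynamic engine loads from, so this is a lookup worth keeping easy to audit. The rest of `ENGINE_by_id` lies outside the hunk, so that reading of `load_dir` is inferred. A single call before the conditional would do it: `load_dir = ossl_safe_getenv("OPENSSL_ENGINES");` then `if (load_dir == NULL)`, with only the default assignment left inside the `#ifdef`. A one-line comment there should say that the environment override is deliberately ignored when the safe lookup returns NULL.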