Fix memory overrun in rsa padding check functions

[oweals/openssl.git] / crypto / conf / conf_api.c

diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
index 9606b7f2227c880b2ab56c4d1aea66b35b75ada6..5e57d749ce5e7cc205e0e5140d19252b3517d8f0 100644 (file)
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -10,6 +10,7 @@
 /* Part of the code in here was originally in conf.c, which is now removed */
 
 #include "e_os.h"
+#include "internal/cryptlib.h"
 #include <stdlib.h>
 #include <string.h>
 #include <openssl/conf.h>
@@ -82,7 +83,7 @@ char *_CONF_get_string(const CONF *conf, const char *section,
             if (v != NULL)
                 return v->value;
             if (strcmp(section, "ENV") == 0) {
-                p = getenv(name);
+                p = ossl_safe_getenv(name);
                 if (p != NULL)
                     return p;
             }
@@ -95,7 +96,7 @@ char *_CONF_get_string(const CONF *conf, const char *section,
         else
             return NULL;
     } else
-        return getenv(name);
+        return ossl_safe_getenv(name);
 }
 
 static unsigned long conf_value_hash(const CONF_VALUE *v)