Don't use getenv for critical functions when run as setuid/setgid
authorBernd Edlinger <bernd.edlinger@hotmail.de>
Wed, 4 Apr 2018 12:45:49 +0000 (14:45 +0200)
committerBernd Edlinger <bernd.edlinger@hotmail.de>
Wed, 4 Apr 2018 12:45:49 +0000 (14:45 +0200)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5856)

CHANGES
crypto/conf/conf_mod.c
crypto/engine/eng_list.c
doc/man3/ENGINE_add.pod
doc/man3/OPENSSL_config.pod
doc/man5/config.pod

diff --git a/CHANGES b/CHANGES
index b4d0329491ae97ee365684029022eb533af558d7..40b58239d5db481cd789db3c31d0277c86ed3126 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,10 @@
 
  Changes between 1.1.0h and 1.1.1 [xx XXX xxxx]
 
+  *) Don't use OPENSSL_ENGINES and OPENSSL_CONF environment values
+     in libcrypto when run as setuid/setgid.
+     [Bernd Edlinger]
+
   *) Added new public header file <openssl/rand_drbg.h> and documentation
      for the RAND_DRBG API. See manual page RAND_DRBG(7) for an overview.
      [Matthias St. Pierre]
index 99f0fcc2b566dfd4c6c6e84a4395241d9144d5e0..4a848b8c8ff686f064f68705468a8609d9c8d1c1 100644 (file)
@@ -480,9 +480,11 @@ char *CONF_get1_default_config_file(void)
     char *file, *sep = "";
     int len;
 
-    file = getenv("OPENSSL_CONF");
-    if (file)
-        return OPENSSL_strdup(file);
+    if (!OPENSSL_issetugid()) {
+        file = getenv("OPENSSL_CONF");
+        if (file)
+            return OPENSSL_strdup(file);
+    }
 
     len = strlen(X509_get_default_cert_area());
 #ifndef OPENSSL_SYS_VMS
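Review bot: The set-user-ID guard is added separately at each getenv() call site (here, and again in ENGINE_by_id in crypto/engine/eng_list.c), so any future getenv() of OPENSSL_CONF or OPENSSL_ENGINES added elsewhere in libcrypto would silently miss the protection. A single internal helper that couples the check with the lookup keeps the policy in one place, for example (constructed name) `static char *safe_getenv(const char *name) { return OPENSSL_issetugid() ? NULL : getenv(name); }` with this hunk reduced to `file = safe_getenv("OPENSSL_CONF");` followed by the existing `if (file) return OPENSSL_strdup(file);`. Such a helper is also the natural place to prefer secure_getenv(3) on platforms that provide it, since that honours the loader's AT_SECURE flag (covering capability-elevated processes as well), whereas OPENSSL_issetugid() presumably relies on a real-vs-effective uid/gid comparison. CONF_get1_default_config_file's body continues outside the hunk.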
index bfd91e23c6890f86111aefd56c75965a38721ea3..4bc7ea173cdce58f77a31ca4747e7040fb7e473a 100644 (file)
@@ -317,7 +317,8 @@ ENGINE *ENGINE_by_id(const char *id)
      * Prevent infinite recursion if we're looking for the dynamic engine.
      */
     if (strcmp(id, "dynamic")) {
-        if ((load_dir = getenv("OPENSSL_ENGINES")) == NULL)
+        if (OPENSSL_issetugid()
+                || (load_dir = getenv("OPENSSL_ENGINES")) == NULL)
             load_dir = ENGINESDIR;
         iterator = ENGINE_by_id("dynamic");
         if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
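Review bot: The new condition mixes a security predicate with an assignment that has a side effect, so the reader has to work out that load_dir is left unassigned when OPENSSL_issetugid() short-circuits and only becomes ENGINESDIR on the following line. Separating the lookup from the fallback makes the intent explicit: `load_dir = OPENSSL_issetugid() ? NULL : getenv("OPENSSL_ENGINES");` then `if (load_dir == NULL)` and `load_dir = ENGINESDIR;`. ENGINE_by_id's body starts and ends outside the hunk.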
index b009949d6e2dd3cb6469bb5c5d7b141cb0ca17ff..a2fc299482fc06f2a53edeb83a6ee884f253d614 100644 (file)
@@ -568,6 +568,7 @@ extension).
 =item B<OPENSSL_ENGINES>
 
 The path to the engines directory.
+Ignored in set-user-ID and set-group-ID programs.
 
 =back
 
index e70fcd5498354a8fc4bc015115d079ab00a23e42..ac686e6222ae9040809e8a6b9ef9def05332717d 100644 (file)
@@ -48,6 +48,17 @@ application calls OPENSSL_config() it doesn't need to know or care about
 ENGINE control operations because they can be performed by editing a
 configuration file.
 
+=head1 ENVIRONMENT
+
+=over 4
+
+=item B<OPENSSL_CONF>
+
+The path to the config file.
+Ignored in set-user-ID and set-group-ID programs.
+
+=back
+
 =head1 RETURN VALUES
 
 Neither OPENSSL_config() nor OPENSSL_no_config() return a value.
index ef8e10ef1b196ba1a403e241325349a7fcf704e2..09d72be2fd7f5edf196c463479456f29b1520fba 100644 (file)
@@ -384,6 +384,22 @@ will output:
 
 showing that the OID "newoid1" has been added as "1.2.3.4.1".
 
+=head1 ENVIRONMENT
+
+=over 4
+
+=item B<OPENSSL_CONF>
+
+The path to the config file.
+Ignored in set-user-ID and set-group-ID programs.
+
+=item B<OPENSSL_ENGINES>
+
+The path to the engines directory.
+Ignored in set-user-ID and set-group-ID programs.
+
+=back
+
 =head1 BUGS
 
 Currently there is no way to include characters using the octal B<\nnn>