Manual merge of #7047 to 1.0.2-stable.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7300)
LIB= $(TOP)/libcrypto.a
SHARED_LIB= libcrypto$(SHLIB_EXT)
LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
- ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c
+ ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c \
+ getenv.c
LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o \
- uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o $(CPUID_OBJ)
+ uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o getenv.o \
+ $(CPUID_OBJ)
SRC= $(LIBSRC)
#include <assert.h>
#include <stdlib.h>
#include <string.h>
+#include "cryptlib.h"
#include <openssl/conf.h>
#include <openssl/conf_api.h>
#include "e_os.h"
if (v != NULL)
return (v->value);
if (strcmp(section, "ENV") == 0) {
- p = getenv(name);
+ p = ossl_safe_getenv(name);
if (p != NULL)
return (p);
}
else
return (NULL);
} else
- return (getenv(name));
+ return (ossl_safe_getenv(name));
}
#if 0 /* There's no way to provide error checking
char *file;
int len;
- file = getenv("OPENSSL_CONF");
+ file = ossl_safe_getenv("OPENSSL_CONF");
if (file)
return BUF_strdup(file);
void *OPENSSL_stderr(void);
extern int OPENSSL_NONPIC_relocated;
+char *ossl_safe_getenv(const char *);
+
#ifdef __cplusplus
}
#endif
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
+#include "cryptlib.h"
#include "eng_int.h"
/*
*/
if (strcmp(id, "dynamic")) {
# ifdef OPENSSL_SYS_VMS
- if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
+ if ((load_dir = ossl_safe_getenv("OPENSSL_ENGINES")) == 0)
load_dir = "SSLROOT:[ENGINES]";
# else
- if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
+ if ((load_dir = ossl_safe_getenv("OPENSSL_ENGINES")) == 0)
load_dir = ENGINESDIR;
# endif
iterator = ENGINE_by_id("dynamic");
--- /dev/null
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE
+#endif
+
+#include <stdlib.h>
+#include "cryptlib.h"
+
+char *ossl_safe_getenv(const char *name)
+{
+#if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+# if __GLIBC_PREREQ(2, 17)
+# define SECURE_GETENV
+ return secure_getenv(name);
+# endif
+#endif
+
+#ifndef SECURE_GETENV
+ if (OPENSSL_issetugid())
+ return NULL;
+ return getenv(name);
+#endif
+}
#include <stdlib.h>
#include <string.h>
+#include "cryptlib.h"
#include "e_os.h"
#include <openssl/crypto.h>
#include <openssl/rand.h>
struct stat sb;
#endif
- if (OPENSSL_issetugid() == 0)
- s = getenv("RANDFILE");
+ s = ossl_safe_getenv("RANDFILE");
if (s != NULL && *s && strlen(s) + 1 < size) {
if (BUF_strlcpy(buf, s, size) >= size)
return NULL;
} else {
- if (OPENSSL_issetugid() == 0)
- s = getenv("HOME");
+ s = ossl_safe_getenv("HOME");
#ifdef DEFAULT_HOME
if (s == NULL) {
s = DEFAULT_HOME;
switch (cmd) {
case X509_L_ADD_DIR:
if (argl == X509_FILETYPE_DEFAULT) {
- dir = (char *)getenv(X509_get_default_cert_dir_env());
+ dir = (char *)ossl_safe_getenv(X509_get_default_cert_dir_env());
if (dir)
ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
else
switch (cmd) {
case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT) {
- file = getenv(X509_get_default_cert_file_env());
+ file = ossl_safe_getenv(X509_get_default_cert_file_env());
+
if (file)
ok = (X509_load_cert_crl_file(ctx, file,
X509_FILETYPE_PEM) != 0);
* A hack to keep people who don't want to modify their software
* happy
*/
- if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
+ if (ossl_safe_getenv("OPENSSL_ALLOW_PROXY_CERTS"))
allow_proxy_certs = 1;
purpose = ctx->param->purpose;
}
projects / oweals / openssl.git / commitdiff