From: Richard Levitte <levitte@openssl.org>
Date: Sat, 27 Dec 2003 16:07:18 +0000 (+0000)
Subject: Only use environment variables if uid and gid are the same as euid and egid.
X-Git-Tag: OpenSSL_0_9_7d~53
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=3e786f4b0d5df1956fe763ed68f1c8ce8519f0aa;p=oweals%2Fopenssl.git

Only use environment variables if uid and gid are the same as euid and egid.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
---

diff --git a/crypto/threads/mttest.c b/crypto/threads/mttest.c
index 54d598565d..7588966cb2 100644
--- a/crypto/threads/mttest.c
+++ b/crypto/threads/mttest.c
@@ -243,7 +243,8 @@ bad:
 		goto end;
 		}
 
-	if (cipher == NULL) cipher=getenv("SSL_CIPHER");
+	if (cipher == NULL && OPENSSL_issetugid() == 0)
+		cipher=getenv("SSL_CIPHER");
 
 	SSL_load_error_strings();
 	OpenSSL_add_ssl_algorithms();