From: Pauli Date: Mon, 24 Sep 2018 04:06:45 +0000 (+1000) Subject: Merge 1.0.2 setuid calls to getenv(3) safety. X-Git-Tag: OpenSSL_1_0_2q~18 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=788d2fa0cf38420fd729b336bdb88d5a6e9d68ac;p=oweals%2Fopenssl.git Merge 1.0.2 setuid calls to getenv(3) safety. Manual merge of #7047 to 1.0.2-stable. Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/7300) --- diff --git a/crypto/Makefile b/crypto/Makefile index ad1b9f018b..72c96f6dde 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -36,9 +36,11 @@ TEST=constant_time_test.c LIB= $(TOP)/libcrypto.a SHARED_LIB= libcrypto$(SHLIB_EXT) LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \ - ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c + ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c \ + getenv.c LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o \ - uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o $(CPUID_OBJ) + uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o getenv.o \ + $(CPUID_OBJ) SRC= $(LIBSRC) diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index 60c9440120..480781d205 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c @@ -66,6 +66,7 @@ #include #include #include +#include "cryptlib.h" #include #include #include "e_os.h" @@ -141,7 +142,7 @@ char *_CONF_get_string(const CONF *conf, const char *section, if (v != NULL) return (v->value); if (strcmp(section, "ENV") == 0) { - p = getenv(name); + p = ossl_safe_getenv(name); if (p != NULL) return (p); } @@ -154,7 +155,7 @@ char *_CONF_get_string(const CONF *conf, const char *section, else return (NULL); } else - return (getenv(name)); + return (ossl_safe_getenv(name)); } #if 0 /* There's no way to provide error checking diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index e2a9a81678..2a7a27b8ee 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -530,7 +530,7 @@ char *CONF_get1_default_config_file(void) char *file; int len; - file = getenv("OPENSSL_CONF"); + file = ossl_safe_getenv("OPENSSL_CONF"); if (file) return BUF_strdup(file); diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h index fba180a6b2..cdbddf1735 100644 --- a/crypto/cryptlib.h +++ b/crypto/cryptlib.h @@ -104,6 +104,8 @@ void OPENSSL_showfatal(const char *fmta, ...); void *OPENSSL_stderr(void); extern int OPENSSL_NONPIC_relocated; +char *ossl_safe_getenv(const char *); + #ifdef __cplusplus } #endif diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c index 83c95d56f4..9e64b9dd93 100644 --- a/crypto/engine/eng_list.c +++ b/crypto/engine/eng_list.c @@ -62,6 +62,7 @@ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */ +#include "cryptlib.h" #include "eng_int.h" /* @@ -369,10 +370,10 @@ ENGINE *ENGINE_by_id(const char *id) */ if (strcmp(id, "dynamic")) { # ifdef OPENSSL_SYS_VMS - if ((load_dir = getenv("OPENSSL_ENGINES")) == 0) + if ((load_dir = ossl_safe_getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]"; # else - if ((load_dir = getenv("OPENSSL_ENGINES")) == 0) + if ((load_dir = ossl_safe_getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR; # endif iterator = ENGINE_by_id("dynamic"); diff --git a/crypto/getenv.c b/crypto/getenv.c new file mode 100644 index 0000000000..53f1dfd457 --- /dev/null +++ b/crypto/getenv.c @@ -0,0 +1,31 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef _GNU_SOURCE +# define _GNU_SOURCE +#endif + +#include +#include "cryptlib.h" + +char *ossl_safe_getenv(const char *name) +{ +#if defined(__GLIBC__) && defined(__GLIBC_PREREQ) +# if __GLIBC_PREREQ(2, 17) +# define SECURE_GETENV + return secure_getenv(name); +# endif +#endif + +#ifndef SECURE_GETENV + if (OPENSSL_issetugid()) + return NULL; + return getenv(name); +#endif +} diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c index 728fd0a721..c93812cfb9 100644 --- a/crypto/rand/randfile.c +++ b/crypto/rand/randfile.c @@ -61,6 +61,7 @@ #include #include +#include "cryptlib.h" #include "e_os.h" #include #include @@ -327,14 +328,12 @@ const char *RAND_file_name(char *buf, size_t size) struct stat sb; #endif - if (OPENSSL_issetugid() == 0) - s = getenv("RANDFILE"); + s = ossl_safe_getenv("RANDFILE"); if (s != NULL && *s && strlen(s) + 1 < size) { if (BUF_strlcpy(buf, s, size) >= size) return NULL; } else { - if (OPENSSL_issetugid() == 0) - s = getenv("HOME"); + s = ossl_safe_getenv("HOME"); #ifdef DEFAULT_HOME if (s == NULL) { s = DEFAULT_HOME; diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index 6f0209a275..9212076383 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -128,7 +128,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, switch (cmd) { case X509_L_ADD_DIR: if (argl == X509_FILETYPE_DEFAULT) { - dir = (char *)getenv(X509_get_default_cert_dir_env()); + dir = (char *)ossl_safe_getenv(X509_get_default_cert_dir_env()); if (dir) ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM); else diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c index 82ce4e8d87..e6d0e6e1a6 100644 --- a/crypto/x509/by_file.c +++ b/crypto/x509/by_file.c @@ -97,7 +97,8 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, switch (cmd) { case X509_L_FILE_LOAD: if (argl == X509_FILETYPE_DEFAULT) { - file = getenv(X509_get_default_cert_file_env()); + file = ossl_safe_getenv(X509_get_default_cert_file_env()); + if (file) ok = (X509_load_cert_crl_file(ctx, file, X509_FILETYPE_PEM) != 0); diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 869460d7cd..749768e5a6 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -621,7 +621,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) * A hack to keep people who don't want to modify their software * happy */ - if (getenv("OPENSSL_ALLOW_PROXY_CERTS")) + if (ossl_safe_getenv("OPENSSL_ALLOW_PROXY_CERTS")) allow_proxy_certs = 1; purpose = ctx->param->purpose; }