OPENSSL_issetugid() as in the main branch.

5 files changed, 24 insertions, 14 deletions

diff --git a/CHANGES b/CHANGES
index 794fc0a267..273e451cb1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 0.9.6 and 0.9.6a  [xx XXX 2001]
 
+  *) Don't use getenv in library functions when run as setuid/setgid.
+     New function OPENSSL_issetugid().
+     [Ulf Moeller]
+
   *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c)
      due to incorrect handling of multi-threading:
 
diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl
index ae761da79f..ac4839420f 100644
--- a/crypto/Makefile.ssl
+++ b/crypto/Makefile.ssl
@@ -34,8 +34,8 @@ SDIRS=	md2 md5 sha mdc2 hmac ripemd \
 GENERAL=Makefile README crypto-lib.com install.com
 
 LIB= $(TOP)/libcrypto.a
-LIBSRC=	cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c
-LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o
+LIBSRC=	cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
+LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
 
 SRC= $(LIBSRC)
 
diff --git a/crypto/crypto.h b/crypto/crypto.h
index df6ccaff6d..09ae4cb89d 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -277,6 +277,8 @@ int CRYPTO_is_mem_check_on(void);
 const char *SSLeay_version(int type);
 unsigned long SSLeay(void);
 
+int OPENSSL_issetugid(void);
+
 int CRYPTO_get_ex_new_index(int idx, STACK_OF(CRYPTO_EX_DATA_FUNCS) **skp, long argl, void *argp,
 	     CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index 02f16aa810..0a4005bd4e 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -196,10 +196,11 @@ err:
 
 const char *RAND_file_name(char *buf, int size)
 	{
-	char *s;
+	char *s=NULL;
 	char *ret=NULL;
 
-	s=getenv("RANDFILE");
+	if (OPENSSL_issetugid() == 0)
+		s=getenv("RANDFILE");
 	if (s != NULL)
 		{
 		strncpy(buf,s,size-1);
@@ -208,16 +209,19 @@ const char *RAND_file_name(char *buf, int size)
 		}
 	else
 		{
-		s=getenv("HOME");
-		if (s == NULL) return(RFILE);
-		if (((int)(strlen(s)+strlen(RFILE)+2)) > size)
-			return(RFILE);
-		strcpy(buf,s);
+		if (OPENSSL_issetugid() == 0)
+			s=getenv("HOME");
+		if (s != NULL && (strlen(s)+strlen(RFILE)+2 < size))
+			{
+			strcpy(buf,s);
 #ifndef VMS
-		strcat(buf,"/");
+			strcat(buf,"/");
 #endif
-		strcat(buf,RFILE);
-		ret=buf;
+			strcat(buf,RFILE);
+			ret=buf;
+			}
+		  else
+		  	buf[0] = '\0'; /* no file name */
 		}
 	return(ret);
 	}
diff --git a/crypto/uid.c b/crypto/uid.c
index 734bddeb60..5612af48cf 100644
--- a/crypto/uid.c
+++ b/crypto/uid.c
@@ -53,7 +53,7 @@
  *
  */
 
-#include <openssl/crypto.h>
+#include "openssl/crypto.h"
 
 #if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2)
 
@@ -64,7 +64,7 @@ int OPENSSL_issetugid(void)
 	return issetugid();
 	}
 
-#elif defined(OPENSSL_SYS_WIN32)
+#elif defined(WIN32)
 
 int OPENSSL_issetugid(void)
 	{