diff options
author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2018-04-04 14:45:49 +0200 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2018-04-04 14:45:49 +0200 |
commit | 284f4f6b70998b2b46dc74c3003c82cb1db0e742 (patch) | |
tree | b5bf90f6a5a1803c699f182fb756d52e2c0d450a /crypto/conf | |
parent | dc55e4f70f401c5869410d6a0c068c18c3fd53ec (diff) |
Don't use getenv for critical functions when run as setuid/setgid
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5856)
Diffstat (limited to 'crypto/conf')
-rw-r--r-- | crypto/conf/conf_mod.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index 99f0fcc2b5..4a848b8c8f 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -480,9 +480,11 @@ char *CONF_get1_default_config_file(void) char *file, *sep = ""; int len; - file = getenv("OPENSSL_CONF"); - if (file) - return OPENSSL_strdup(file); + if (!OPENSSL_issetugid()) { + file = getenv("OPENSSL_CONF"); + if (file) + return OPENSSL_strdup(file); + } len = strlen(X509_get_default_cert_area()); #ifndef OPENSSL_SYS_VMS |