Don't use getenv for critical functions when run as setuid/setgid

Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5856)
author: Bernd Edlinger <bernd.edlinger@hotmail.de> 2018-04-04 14:45:49 +0200
committer: Bernd Edlinger <bernd.edlinger@hotmail.de> 2018-04-04 14:45:49 +0200
commit: 284f4f6b70998b2b46dc74c3003c82cb1db0e742 (patch)
tree: b5bf90f6a5a1803c699f182fb756d52e2c0d450a /crypto/conf
parent: dc55e4f70f401c5869410d6a0c068c18c3fd53ec (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index 99f0fcc2b5..4a848b8c8f 100644
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -480,9 +480,11 @@ char *CONF_get1_default_config_file(void)
     char *file, *sep = "";
     int len;
 
-    file = getenv("OPENSSL_CONF");
-    if (file)
-        return OPENSSL_strdup(file);
+    if (!OPENSSL_issetugid()) {
+        file = getenv("OPENSSL_CONF");
+        if (file)
+            return OPENSSL_strdup(file);
+    }
 
     len = strlen(X509_get_default_cert_area());
 #ifndef OPENSSL_SYS_VMS
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	2018-04-04 14:45:49 +0200
committer	Bernd Edlinger <bernd.edlinger@hotmail.de>	2018-04-04 14:45:49 +0200
commit	284f4f6b70998b2b46dc74c3003c82cb1db0e742 (patch)
tree	b5bf90f6a5a1803c699f182fb756d52e2c0d450a /crypto/conf
parent	dc55e4f70f401c5869410d6a0c068c18c3fd53ec (diff)