Don't use getenv for critical functions when run as setuid/setgid

Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5856)
author: Bernd Edlinger <bernd.edlinger@hotmail.de> 2018-04-04 14:45:49 +0200
committer: Bernd Edlinger <bernd.edlinger@hotmail.de> 2018-04-04 14:45:49 +0200
commit: 284f4f6b70998b2b46dc74c3003c82cb1db0e742 (patch)
tree: b5bf90f6a5a1803c699f182fb756d52e2c0d450a /crypto/engine/eng_list.c
parent: dc55e4f70f401c5869410d6a0c068c18c3fd53ec (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c
index bfd91e23c6..4bc7ea173c 100644
--- a/crypto/engine/eng_list.c
+++ b/crypto/engine/eng_list.c
@@ -317,7 +317,8 @@ ENGINE *ENGINE_by_id(const char *id)
      * Prevent infinite recursion if we're looking for the dynamic engine.
      */
     if (strcmp(id, "dynamic")) {
-        if ((load_dir = getenv("OPENSSL_ENGINES")) == NULL)
+        if (OPENSSL_issetugid()
+                || (load_dir = getenv("OPENSSL_ENGINES")) == NULL)
             load_dir = ENGINESDIR;
         iterator = ENGINE_by_id("dynamic");
         if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	2018-04-04 14:45:49 +0200
committer	Bernd Edlinger <bernd.edlinger@hotmail.de>	2018-04-04 14:45:49 +0200
commit	284f4f6b70998b2b46dc74c3003c82cb1db0e742 (patch)
tree	b5bf90f6a5a1803c699f182fb756d52e2c0d450a /crypto/engine/eng_list.c
parent	dc55e4f70f401c5869410d6a0c068c18c3fd53ec (diff)