Use secure_getenv(3) when available.

Change all calls to getenv() inside libcrypto to use a new wrapper function that use secure_getenv() if available and an issetugid then getenv if not. CPU processor override flags are unchanged. Extra checks for OPENSSL_issetugid() have been removed in favour of the safe getenv. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/7047) (cherry picked from commit 5c39a55d04ea6e6f734b627a050b9e702788d50d)
author: Pauli <paul.dale@oracle.com> 2018-09-24 11:21:18 +1000
committer: Pauli <paul.dale@oracle.com> 2018-09-24 11:22:22 +1000
commit: 79c2c741303ed188214b9299a51c837635f7e9a8 (patch)
tree: 5641f4b8a493967f892affa94536e24383bd678b /crypto/engine
parent: 1fd6afb571e85fbc37ffb522646e7ec2c6e4a11e (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c
index 4bc7ea173c..45c339c541 100644
--- a/crypto/engine/eng_list.c
+++ b/crypto/engine/eng_list.c
@@ -317,8 +317,7 @@ ENGINE *ENGINE_by_id(const char *id)
      * Prevent infinite recursion if we're looking for the dynamic engine.
      */
     if (strcmp(id, "dynamic")) {
-        if (OPENSSL_issetugid()
-                || (load_dir = getenv("OPENSSL_ENGINES")) == NULL)
+        if ((load_dir = ossl_safe_getenv("OPENSSL_ENGINES")) == NULL)
             load_dir = ENGINESDIR;
         iterator = ENGINE_by_id("dynamic");
         if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
author	Pauli <paul.dale@oracle.com>	2018-09-24 11:21:18 +1000
committer	Pauli <paul.dale@oracle.com>	2018-09-24 11:22:22 +1000
commit	79c2c741303ed188214b9299a51c837635f7e9a8 (patch)
tree	5641f4b8a493967f892affa94536e24383bd678b /crypto/engine
parent	1fd6afb571e85fbc37ffb522646e7ec2c6e4a11e (diff)