79c2c74130
Change all calls to getenv() inside libcrypto to use a new wrapper function
that use secure_getenv() if available and an issetugid then getenv if not.
CPU processor override flags are unchanged.
Extra checks for OPENSSL_issetugid() have been removed in favour of the
safe getenv.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7047)
(cherry picked from commit 5c39a55d04
)
31 lines
728 B
C
31 lines
728 B
C
/*
|
|
* Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the OpenSSL license (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#ifndef _GNU_SOURCE
|
|
# define _GNU_SOURCE
|
|
#endif
|
|
|
|
#include <stdlib.h>
|
|
#include "internal/cryptlib.h"
|
|
|
|
char *ossl_safe_getenv(const char *name)
|
|
{
|
|
#if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
|
|
# if __GLIBC_PREREQ(2, 17)
|
|
# define SECURE_GETENV
|
|
return secure_getenv(name);
|
|
# endif
|
|
#endif
|
|
|
|
#ifndef SECURE_GETENV
|
|
if (OPENSSL_issetugid())
|
|
return NULL;
|
|
return getenv(name);
|
|
#endif
|
|
}
|