diff options
| author | Pauli <paul.dale@oracle.com> | 2018-09-24 03:21:18 +0200 |
|---|---|---|
| committer | Pauli <paul.dale@oracle.com> | 2018-09-24 03:21:18 +0200 |
| commit | 5c39a55d04ea6e6f734b627a050b9e702788d50d (patch) | |
| tree | ca64965f2c41af4b4827847753aaf2883e1a840a /crypto/getenv.c | |
| parent | Create the .rnd file it it does not exist (diff) | |
| download | openssl-5c39a55d04ea6e6f734b627a050b9e702788d50d.tar.xz openssl-5c39a55d04ea6e6f734b627a050b9e702788d50d.zip | |
Use secure_getenv(3) when available.
Change all calls to getenv() inside libcrypto to use a new wrapper function
that use secure_getenv() if available and an issetugid then getenv if not.
CPU processor override flags are unchanged.
Extra checks for OPENSSL_issetugid() have been removed in favour of the
safe getenv.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7047)
Diffstat (limited to 'crypto/getenv.c')
| -rw-r--r-- | crypto/getenv.c | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/crypto/getenv.c b/crypto/getenv.c new file mode 100644 index 0000000000..7e98b645b0 --- /dev/null +++ b/crypto/getenv.c @@ -0,0 +1,31 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef _GNU_SOURCE +# define _GNU_SOURCE +#endif + +#include <stdlib.h> +#include "internal/cryptlib.h" + +char *ossl_safe_getenv(const char *name) +{ +#if defined(__GLIBC__) && defined(__GLIBC_PREREQ) +# if __GLIBC_PREREQ(2, 17) +# define SECURE_GETENV + return secure_getenv(name); +# endif +#endif + +#ifndef SECURE_GETENV + if (OPENSSL_issetugid()) + return NULL; + return getenv(name); +#endif +} |