[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Paul I. Dale
pauli at openssl.org
Wed Sep 26 23:27:02 UTC 2018
The branch OpenSSL_1_0_2-stable has been updated
via 788d2fa0cf38420fd729b336bdb88d5a6e9d68ac (commit)
from 2b872562f56b6039179104657edddac22712d994 (commit)
- Log -----------------------------------------------------------------
commit 788d2fa0cf38420fd729b336bdb88d5a6e9d68ac
Author: Pauli <paul.dale at oracle.com>
Date: Mon Sep 24 14:06:45 2018 +1000
Merge 1.0.2 setuid calls to getenv(3) safety.
Manual merge of #7047 to 1.0.2-stable.
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7300)
-----------------------------------------------------------------------
Summary of changes:
crypto/Makefile | 6 ++++--
crypto/conf/conf_api.c | 5 +++--
crypto/conf/conf_mod.c | 2 +-
crypto/cryptlib.h | 2 ++
crypto/engine/eng_list.c | 5 +++--
crypto/getenv.c | 31 +++++++++++++++++++++++++++++++
crypto/rand/randfile.c | 7 +++----
crypto/x509/by_dir.c | 2 +-
crypto/x509/by_file.c | 3 ++-
crypto/x509/x509_vfy.c | 2 +-
10 files changed, 51 insertions(+), 14 deletions(-)
create mode 100644 crypto/getenv.c
diff --git a/crypto/Makefile b/crypto/Makefile
index ad1b9f0..72c96f6 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -36,9 +36,11 @@ TEST=constant_time_test.c
LIB= $(TOP)/libcrypto.a
SHARED_LIB= libcrypto$(SHLIB_EXT)
LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
- ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c
+ ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c \
+ getenv.c
LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o \
- uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o $(CPUID_OBJ)
+ uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o getenv.o \
+ $(CPUID_OBJ)
SRC= $(LIBSRC)
diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
index 60c9440..480781d 100644
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -66,6 +66,7 @@
#include <assert.h>
#include <stdlib.h>
#include <string.h>
+#include "cryptlib.h"
#include <openssl/conf.h>
#include <openssl/conf_api.h>
#include "e_os.h"
@@ -141,7 +142,7 @@ char *_CONF_get_string(const CONF *conf, const char *section,
if (v != NULL)
return (v->value);
if (strcmp(section, "ENV") == 0) {
- p = getenv(name);
+ p = ossl_safe_getenv(name);
if (p != NULL)
return (p);
}
@@ -154,7 +155,7 @@ char *_CONF_get_string(const CONF *conf, const char *section,
else
return (NULL);
} else
- return (getenv(name));
+ return (ossl_safe_getenv(name));
}
#if 0 /* There's no way to provide error checking
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index e2a9a81..2a7a27b 100644
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -530,7 +530,7 @@ char *CONF_get1_default_config_file(void)
char *file;
int len;
- file = getenv("OPENSSL_CONF");
+ file = ossl_safe_getenv("OPENSSL_CONF");
if (file)
return BUF_strdup(file);
diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h
index fba180a..cdbddf1 100644
--- a/crypto/cryptlib.h
+++ b/crypto/cryptlib.h
@@ -104,6 +104,8 @@ void OPENSSL_showfatal(const char *fmta, ...);
void *OPENSSL_stderr(void);
extern int OPENSSL_NONPIC_relocated;
+char *ossl_safe_getenv(const char *);
+
#ifdef __cplusplus
}
#endif
diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c
index 83c95d5..9e64b9d 100644
--- a/crypto/engine/eng_list.c
+++ b/crypto/engine/eng_list.c
@@ -62,6 +62,7 @@
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
+#include "cryptlib.h"
#include "eng_int.h"
/*
@@ -369,10 +370,10 @@ ENGINE *ENGINE_by_id(const char *id)
*/
if (strcmp(id, "dynamic")) {
# ifdef OPENSSL_SYS_VMS
- if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
+ if ((load_dir = ossl_safe_getenv("OPENSSL_ENGINES")) == 0)
load_dir = "SSLROOT:[ENGINES]";
# else
- if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
+ if ((load_dir = ossl_safe_getenv("OPENSSL_ENGINES")) == 0)
load_dir = ENGINESDIR;
# endif
iterator = ENGINE_by_id("dynamic");
diff --git a/crypto/getenv.c b/crypto/getenv.c
new file mode 100644
index 0000000..53f1dfd
--- /dev/null
+++ b/crypto/getenv.c
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE
+#endif
+
+#include <stdlib.h>
+#include "cryptlib.h"
+
+char *ossl_safe_getenv(const char *name)
+{
+#if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+# if __GLIBC_PREREQ(2, 17)
+# define SECURE_GETENV
+ return secure_getenv(name);
+# endif
+#endif
+
+#ifndef SECURE_GETENV
+ if (OPENSSL_issetugid())
+ return NULL;
+ return getenv(name);
+#endif
+}
diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index 728fd0a..c93812c 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -61,6 +61,7 @@
#include <stdlib.h>
#include <string.h>
+#include "cryptlib.h"
#include "e_os.h"
#include <openssl/crypto.h>
#include <openssl/rand.h>
@@ -327,14 +328,12 @@ const char *RAND_file_name(char *buf, size_t size)
struct stat sb;
#endif
- if (OPENSSL_issetugid() == 0)
- s = getenv("RANDFILE");
+ s = ossl_safe_getenv("RANDFILE");
if (s != NULL && *s && strlen(s) + 1 < size) {
if (BUF_strlcpy(buf, s, size) >= size)
return NULL;
} else {
- if (OPENSSL_issetugid() == 0)
- s = getenv("HOME");
+ s = ossl_safe_getenv("HOME");
#ifdef DEFAULT_HOME
if (s == NULL) {
s = DEFAULT_HOME;
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index 6f0209a..9212076 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -128,7 +128,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
switch (cmd) {
case X509_L_ADD_DIR:
if (argl == X509_FILETYPE_DEFAULT) {
- dir = (char *)getenv(X509_get_default_cert_dir_env());
+ dir = (char *)ossl_safe_getenv(X509_get_default_cert_dir_env());
if (dir)
ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
else
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
index 82ce4e8..e6d0e6e 100644
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -97,7 +97,8 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
switch (cmd) {
case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT) {
- file = getenv(X509_get_default_cert_file_env());
+ file = ossl_safe_getenv(X509_get_default_cert_file_env());
+
if (file)
ok = (X509_load_cert_crl_file(ctx, file,
X509_FILETYPE_PEM) != 0);
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 869460d..749768e 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -621,7 +621,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
* A hack to keep people who don't want to modify their software
* happy
*/
- if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
+ if (ossl_safe_getenv("OPENSSL_ALLOW_PROXY_CERTS"))
allow_proxy_certs = 1;
purpose = ctx->param->purpose;
}
More information about the openssl-commits
mailing list