Since this is a library, place issetugid() before every getenv()

ok miod

10 files changed, 48 insertions, 26 deletions

diff --git a/src/lib/libcrypto/conf/conf_api.c b/src/lib/libcrypto/conf/conf_api.c
index 21ce4d9fe5..7480dda3d5 100644
--- a/src/lib/libcrypto/conf/conf_api.c
+++ b/src/lib/libcrypto/conf/conf_api.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_api.c,v 1.10 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: conf_api.c,v 1.11 2014/06/23 22:19:02 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -66,6 +66,7 @@
 #include <assert.h>
 #include <stdlib.h>
 #include <string.h>
+#include <unistd.h>
 #include <openssl/conf.h>
 #include <openssl/conf_api.h>
 
@@ -142,7 +143,10 @@ _CONF_get_string(const CONF *conf, const char *section, const char *name)
                         if (v != NULL)
                                 return (v->value);
                         if (strcmp(section, "ENV") == 0) {
-                                p = getenv(name);
+                                if (issetugid() == 0)
+                                        p = getenv(name);
+                                else
+                                        p = NULL;
                                 if (p != NULL)
                                         return (p);
                         }
@@ -154,8 +158,11 @@ _CONF_get_string(const CONF *conf, const char *section, const char *name)
                         return (v->value);
                 else
                         return (NULL);
-        } else
+        } else {
+                if (issetugid())
+                        return (NULL);
                 return (getenv(name));
+        }
 }
 
 #if 0 /* There's no way to provide error checking with this function, so
diff --git a/src/lib/libcrypto/conf/conf_mod.c b/src/lib/libcrypto/conf/conf_mod.c
index ae62f4abde..e58582a5ec 100644
--- a/src/lib/libcrypto/conf/conf_mod.c
+++ b/src/lib/libcrypto/conf/conf_mod.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_mod.c,v 1.20 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: conf_mod.c,v 1.21 2014/06/23 22:19:02 deraadt Exp $ */
 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -541,9 +541,10 @@ CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
 char *
 CONF_get1_default_config_file(void)
 {
-        char *file;
+        char *file = NULL;
 
-        file = getenv("OPENSSL_CONF");
+        if (issetugid() == 0)
+                file = getenv("OPENSSL_CONF");
         if (file)
                 return BUF_strdup(file);
         if (asprintf(&file, "%s/openssl.cnf",
diff --git a/src/lib/libcrypto/engine/eng_list.c b/src/lib/libcrypto/engine/eng_list.c
index 053767c646..22e2abb01d 100644
--- a/src/lib/libcrypto/engine/eng_list.c
+++ b/src/lib/libcrypto/engine/eng_list.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: eng_list.c,v 1.10 2014/06/22 12:15:53 jsing Exp $ */
+/* $OpenBSD: eng_list.c,v 1.11 2014/06/23 22:19:02 deraadt Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
  * project 2000.
  */
@@ -385,7 +385,8 @@ ENGINE_by_id(const char *id)
                 return iterator;
         /* Prevent infinite recusrion if we're looking for the dynamic engine. */
         if (strcmp(id, "dynamic")) {
-                if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
+                if (issetugid() == 0 ||
+                    (load_dir = getenv("OPENSSL_ENGINES")) == 0)
                         load_dir = ENGINESDIR;
                 iterator = ENGINE_by_id("dynamic");
                 if (!iterator ||
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c
index 21ba0a7bc2..187eba4515 100644
--- a/src/lib/libcrypto/x509/by_dir.c
+++ b/src/lib/libcrypto/x509/by_dir.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: by_dir.c,v 1.27 2014/06/19 21:23:48 tedu Exp $ */
+/* $OpenBSD: by_dir.c,v 1.28 2014/06/23 22:19:02 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -132,7 +132,8 @@ dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
         switch (cmd) {
         case X509_L_ADD_DIR:
                 if (argl == X509_FILETYPE_DEFAULT) {
-                        dir = (char *)getenv(X509_get_default_cert_dir_env());
+                        if (issetugid() == 0)
+                                dir = getenv(X509_get_default_cert_dir_env());
                         if (dir)
                                 ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
                         else
diff --git a/src/lib/libcrypto/x509/by_file.c b/src/lib/libcrypto/x509/by_file.c
index ca010032eb..bb296e2a42 100644
--- a/src/lib/libcrypto/x509/by_file.c
+++ b/src/lib/libcrypto/x509/by_file.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: by_file.c,v 1.12 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: by_file.c,v 1.13 2014/06/23 22:19:02 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -94,12 +94,13 @@ by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
     char **ret)
 {
         int ok = 0;
-        char *file;
+        char *file = NULL;
 
         switch (cmd) {
         case X509_L_FILE_LOAD:
                 if (argl == X509_FILETYPE_DEFAULT) {
-                        file = (char *)getenv(X509_get_default_cert_file_env());
+                        if (issetugid() == 0)
+                                file = getenv(X509_get_default_cert_file_env());
                         if (file)
                                 ok = (X509_load_cert_crl_file(ctx, file,
                                     X509_FILETYPE_PEM) != 0);
diff --git a/src/lib/libssl/src/crypto/conf/conf_api.c b/src/lib/libssl/src/crypto/conf/conf_api.c
index 21ce4d9fe5..7480dda3d5 100644
--- a/src/lib/libssl/src/crypto/conf/conf_api.c
+++ b/src/lib/libssl/src/crypto/conf/conf_api.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_api.c,v 1.10 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: conf_api.c,v 1.11 2014/06/23 22:19:02 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -66,6 +66,7 @@
 #include <assert.h>
 #include <stdlib.h>
 #include <string.h>
+#include <unistd.h>
 #include <openssl/conf.h>
 #include <openssl/conf_api.h>
 
@@ -142,7 +143,10 @@ _CONF_get_string(const CONF *conf, const char *section, const char *name)
                         if (v != NULL)
                                 return (v->value);
                         if (strcmp(section, "ENV") == 0) {
-                                p = getenv(name);
+                                if (issetugid() == 0)
+                                        p = getenv(name);
+                                else
+                                        p = NULL;
                                 if (p != NULL)
                                         return (p);
                         }
@@ -154,8 +158,11 @@ _CONF_get_string(const CONF *conf, const char *section, const char *name)
                         return (v->value);
                 else
                         return (NULL);
-        } else
+        } else {
+                if (issetugid())
+                        return (NULL);
                 return (getenv(name));
+        }
 }
 
 #if 0 /* There's no way to provide error checking with this function, so
diff --git a/src/lib/libssl/src/crypto/conf/conf_mod.c b/src/lib/libssl/src/crypto/conf/conf_mod.c
index ae62f4abde..e58582a5ec 100644
--- a/src/lib/libssl/src/crypto/conf/conf_mod.c
+++ b/src/lib/libssl/src/crypto/conf/conf_mod.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_mod.c,v 1.20 2014/06/12 15:49:28 deraadt Exp $ */
+/* $OpenBSD: conf_mod.c,v 1.21 2014/06/23 22:19:02 deraadt Exp $ */
 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -541,9 +541,10 @@ CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
 char *
 CONF_get1_default_config_file(void)
 {
-        char *file;
+        char *file = NULL;
 
-        file = getenv("OPENSSL_CONF");
+        if (issetugid() == 0)
+                file = getenv("OPENSSL_CONF");
         if (file)
                 return BUF_strdup(file);
         if (asprintf(&file, "%s/openssl.cnf",
diff --git a/src/lib/libssl/src/crypto/engine/eng_list.c b/src/lib/libssl/src/crypto/engine/eng_list.c
index 053767c646..22e2abb01d 100644
--- a/src/lib/libssl/src/crypto/engine/eng_list.c
+++ b/src/lib/libssl/src/crypto/engine/eng_list.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: eng_list.c,v 1.10 2014/06/22 12:15:53 jsing Exp $ */
+/* $OpenBSD: eng_list.c,v 1.11 2014/06/23 22:19:02 deraadt Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
  * project 2000.
  */
@@ -385,7 +385,8 @@ ENGINE_by_id(const char *id)
                 return iterator;
         /* Prevent infinite recusrion if we're looking for the dynamic engine. */
         if (strcmp(id, "dynamic")) {
-                if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
+                if (issetugid() == 0 ||
+                    (load_dir = getenv("OPENSSL_ENGINES")) == 0)
                         load_dir = ENGINESDIR;
                 iterator = ENGINE_by_id("dynamic");
                 if (!iterator ||
diff --git a/src/lib/libssl/src/crypto/x509/by_dir.c b/src/lib/libssl/src/crypto/x509/by_dir.c
index 21ba0a7bc2..187eba4515 100644
--- a/src/lib/libssl/src/crypto/x509/by_dir.c
+++ b/src/lib/libssl/src/crypto/x509/by_dir.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: by_dir.c,v 1.27 2014/06/19 21:23:48 tedu Exp $ */
+/* $OpenBSD: by_dir.c,v 1.28 2014/06/23 22:19:02 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -132,7 +132,8 @@ dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
         switch (cmd) {
         case X509_L_ADD_DIR:
                 if (argl == X509_FILETYPE_DEFAULT) {
-                        dir = (char *)getenv(X509_get_default_cert_dir_env());
+                        if (issetugid() == 0)
+                                dir = getenv(X509_get_default_cert_dir_env());
                         if (dir)
                                 ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
                         else
diff --git a/src/lib/libssl/src/crypto/x509/by_file.c b/src/lib/libssl/src/crypto/x509/by_file.c
index ca010032eb..bb296e2a42 100644
--- a/src/lib/libssl/src/crypto/x509/by_file.c
+++ b/src/lib/libssl/src/crypto/x509/by_file.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: by_file.c,v 1.12 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: by_file.c,v 1.13 2014/06/23 22:19:02 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -94,12 +94,13 @@ by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
     char **ret)
 {
         int ok = 0;
-        char *file;
+        char *file = NULL;
 
         switch (cmd) {
         case X509_L_FILE_LOAD:
                 if (argl == X509_FILETYPE_DEFAULT) {
-                        file = (char *)getenv(X509_get_default_cert_file_env());
+                        if (issetugid() == 0)
+                                file = getenv(X509_get_default_cert_file_env());
                         if (file)
                                 ok = (X509_load_cert_crl_file(ctx, file,
                                     X509_FILETYPE_PEM) != 0);