Remove all getenv() calls, especially those wrapped by issetugid().

getenv()'s wrapped by issetugid() are safe, but issetugid() is correct
difficult to impliment on many operating systems.  By accident, a grand
experiment was run over the last year, where issetugid() returned 1 (the
safe value) on a few operating systems.  Noone noticed & complained that
certain environment variables were not working.......
ok doug beck jsing, discussion with others

2 files changed, 4 insertions, 20 deletions

diff --git a/src/lib/libcrypto/conf/conf_api.c b/src/lib/libcrypto/conf/conf_api.c
index efa4be9f6b..f296e6a962 100644
--- a/src/lib/libcrypto/conf/conf_api.c
+++ b/src/lib/libcrypto/conf/conf_api.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_api.c,v 1.14 2015/02/10 11:22:21 jsing Exp $ */
+/* $OpenBSD: conf_api.c,v 1.15 2015/04/11 16:03:21 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -130,7 +130,6 @@ char *
 _CONF_get_string(const CONF *conf, const char *section, const char *name)
 {
         CONF_VALUE *v, vv;
-        char *p;
 
         if (name == NULL)
                 return (NULL);
@@ -141,14 +140,6 @@ _CONF_get_string(const CONF *conf, const char *section, const char *name)
                         v = lh_CONF_VALUE_retrieve(conf->data, &vv);
                         if (v != NULL)
                                 return (v->value);
-                        if (strcmp(section, "ENV") == 0) {
-                                if (issetugid() == 0)
-                                        p = getenv(name);
-                                else
-                                        p = NULL;
-                                if (p != NULL)
-                                        return (p);
-                        }
                 }
                 vv.section = "default";
                 vv.name = (char *)name;
@@ -157,11 +148,8 @@ _CONF_get_string(const CONF *conf, const char *section, const char *name)
                         return (v->value);
                 else
                         return (NULL);
-        } else {
-                if (issetugid())
-                        return (NULL);
-                return (getenv(name));
-        }
+        } else
+                return (NULL);
 }
 
 static unsigned long
diff --git a/src/lib/libcrypto/conf/conf_mod.c b/src/lib/libcrypto/conf/conf_mod.c
index 4363f297c7..cb54cc2a87 100644
--- a/src/lib/libcrypto/conf/conf_mod.c
+++ b/src/lib/libcrypto/conf/conf_mod.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_mod.c,v 1.25 2014/07/22 02:21:20 beck Exp $ */
+/* $OpenBSD: conf_mod.c,v 1.26 2015/04/11 16:03:21 deraadt Exp $ */
 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -546,10 +546,6 @@ CONF_get1_default_config_file(void)
 {
         char *file = NULL;
 
-        if (issetugid() == 0)
-                file = getenv("OPENSSL_CONF");
-        if (file)
-                return strdup(file);
         if (asprintf(&file, "%s/openssl.cnf",
             X509_get_default_cert_area()) == -1)
                 return (NULL);