diff options
author | deraadt <> | 2014-06-23 22:19:02 +0000 |
---|---|---|
committer | deraadt <> | 2014-06-23 22:19:02 +0000 |
commit | 11ccb5f8aefdd6b8279d0ac1be8fc3de3e08c12b (patch) | |
tree | 0758b2ca73b32d860fcfea38d70af1cafc23acf9 /src/lib/libcrypto/x509 | |
parent | f36fb0683122e796aa66b09a47e611631ede1944 (diff) | |
download | openbsd-11ccb5f8aefdd6b8279d0ac1be8fc3de3e08c12b.tar.gz openbsd-11ccb5f8aefdd6b8279d0ac1be8fc3de3e08c12b.tar.bz2 openbsd-11ccb5f8aefdd6b8279d0ac1be8fc3de3e08c12b.zip |
Since this is a library, place issetugid() before every getenv()
ok miod
Diffstat (limited to 'src/lib/libcrypto/x509')
-rw-r--r-- | src/lib/libcrypto/x509/by_dir.c | 5 | ||||
-rw-r--r-- | src/lib/libcrypto/x509/by_file.c | 7 |
2 files changed, 7 insertions, 5 deletions
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c index 21ba0a7bc2..187eba4515 100644 --- a/src/lib/libcrypto/x509/by_dir.c +++ b/src/lib/libcrypto/x509/by_dir.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: by_dir.c,v 1.27 2014/06/19 21:23:48 tedu Exp $ */ | 1 | /* $OpenBSD: by_dir.c,v 1.28 2014/06/23 22:19:02 deraadt Exp $ */ |
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 | * All rights reserved. | 3 | * All rights reserved. |
4 | * | 4 | * |
@@ -132,7 +132,8 @@ dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, | |||
132 | switch (cmd) { | 132 | switch (cmd) { |
133 | case X509_L_ADD_DIR: | 133 | case X509_L_ADD_DIR: |
134 | if (argl == X509_FILETYPE_DEFAULT) { | 134 | if (argl == X509_FILETYPE_DEFAULT) { |
135 | dir = (char *)getenv(X509_get_default_cert_dir_env()); | 135 | if (issetugid() == 0) |
136 | dir = getenv(X509_get_default_cert_dir_env()); | ||
136 | if (dir) | 137 | if (dir) |
137 | ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM); | 138 | ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM); |
138 | else | 139 | else |
diff --git a/src/lib/libcrypto/x509/by_file.c b/src/lib/libcrypto/x509/by_file.c index ca010032eb..bb296e2a42 100644 --- a/src/lib/libcrypto/x509/by_file.c +++ b/src/lib/libcrypto/x509/by_file.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: by_file.c,v 1.12 2014/06/12 15:49:31 deraadt Exp $ */ | 1 | /* $OpenBSD: by_file.c,v 1.13 2014/06/23 22:19:02 deraadt Exp $ */ |
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 | * All rights reserved. | 3 | * All rights reserved. |
4 | * | 4 | * |
@@ -94,12 +94,13 @@ by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, | |||
94 | char **ret) | 94 | char **ret) |
95 | { | 95 | { |
96 | int ok = 0; | 96 | int ok = 0; |
97 | char *file; | 97 | char *file = NULL; |
98 | 98 | ||
99 | switch (cmd) { | 99 | switch (cmd) { |
100 | case X509_L_FILE_LOAD: | 100 | case X509_L_FILE_LOAD: |
101 | if (argl == X509_FILETYPE_DEFAULT) { | 101 | if (argl == X509_FILETYPE_DEFAULT) { |
102 | file = (char *)getenv(X509_get_default_cert_file_env()); | 102 | if (issetugid() == 0) |
103 | file = getenv(X509_get_default_cert_file_env()); | ||
103 | if (file) | 104 | if (file) |
104 | ok = (X509_load_cert_crl_file(ctx, file, | 105 | ok = (X509_load_cert_crl_file(ctx, file, |
105 | X509_FILETYPE_PEM) != 0); | 106 | X509_FILETYPE_PEM) != 0); |