From 3f6d0024da68bdf5d0f128537ac3ed536e6e6a6c Mon Sep 17 00:00:00 2001
From: deraadt <>
Date: Sat, 11 Apr 2015 16:03:21 +0000
Subject: Remove all getenv() calls, especially those wrapped by issetugid(). getenv()'s wrapped by issetugid() are safe, but issetugid() is correct difficult to impliment on many operating systems. By accident, a grand experiment was run over the last year, where issetugid() returned 1 (the safe value) on a few operating systems. Noone noticed & complained that certain environment variables were not working....... ok doug beck jsing, discussion with others
---
src/lib/libcrypto/conf/conf_api.c | 18 +++---------------
1 file changed, 3 insertions(+), 15 deletions(-)
(limited to 'src/lib/libcrypto/conf/conf_api.c')
diff --git a/src/lib/libcrypto/conf/conf_api.c b/src/lib/libcrypto/conf/conf_api.c
index efa4be9f6b..f296e6a962 100644
--- a/src/lib/libcrypto/conf/conf_api.c
+++ b/src/lib/libcrypto/conf/conf_api.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_api.c,v 1.14 2015/02/10 11:22:21 jsing Exp $ */
+/* $OpenBSD: conf_api.c,v 1.15 2015/04/11 16:03:21 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -130,7 +130,6 @@ char *
 _CONF_get_string(const CONF *conf, const char *section, const char *name)
 {
 CONF_VALUE *v, vv;
- char *p;

 if (name == NULL)
 return (NULL);
@@ -141,14 +140,6 @@ _CONF_get_string(const CONF *conf, const char *section, const char *name)
 v = lh_CONF_VALUE_retrieve(conf->data, &vv);
 if (v != NULL)
 return (v->value);
- if (strcmp(section, "ENV") == 0) {
- if (issetugid() == 0)
- p = getenv(name);
- else
- p = NULL;
- if (p != NULL)
- return (p);
- }
 }
 vv.section = "default";
 vv.name = (char *)name;
@@ -157,11 +148,8 @@ _CONF_get_string(const CONF *conf, const char *section, const char *name)
 return (v->value);
 else
 return (NULL);
- } else {
- if (issetugid())
- return (NULL);
- return (getenv(name));
- }
+ } else
+ return (NULL);
 }

 static unsigned long
--
cgit v1.2.3-55-g6feb
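Review bot: The last hunk ends `_CONF_get_string` with `} else return (NULL);`, which pairs a braced `if` arm (its opening is outside the hunk) with an unbraced `else`, and nothing on the function records its new contract. Either keep the braces (`} else {`, `return (NULL);`, `}`) or, as the function body starts outside this hunk, consider an early `if (conf == NULL) return (NULL);` guard next to the `name == NULL` check. A short comment above the function, such as `/* Never consults the environment: "ENV" is looked up like any other section, and a NULL conf yields NULL. */`, would help keep a later change from reintroducing `getenv()` here. Callers that relied on the old fallback (presumably `$ENV::name` expansion in configuration files) now get NULL or a `default`-section value, which is worth stating in the library documentation.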