From 11ccb5f8aefdd6b8279d0ac1be8fc3de3e08c12b Mon Sep 17 00:00:00 2001
From: deraadt <>
Date: Mon, 23 Jun 2014 22:19:02 +0000
Subject: Since this is a library, place issetugid() before every getenv() ok
 miod

---
 src/lib/libcrypto/engine/eng_list.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'src/lib/libcrypto/engine/eng_list.c')

diff --git a/src/lib/libcrypto/engine/eng_list.c b/src/lib/libcrypto/engine/eng_list.c
index 053767c646..22e2abb01d 100644
--- a/src/lib/libcrypto/engine/eng_list.c
+++ b/src/lib/libcrypto/engine/eng_list.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: eng_list.c,v 1.10 2014/06/22 12:15:53 jsing Exp $ */
+/* $OpenBSD: eng_list.c,v 1.11 2014/06/23 22:19:02 deraadt Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
  * project 2000.
  */
@@ -385,7 +385,8 @@ ENGINE_by_id(const char *id)
 		return iterator;
 	/* Prevent infinite recusrion if we're looking for the dynamic engine. */
 	if (strcmp(id, "dynamic")) {
-		if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
+		if (issetugid() == 0 ||
+		    (load_dir = getenv("OPENSSL_ENGINES")) == 0)
 			load_dir = ENGINESDIR;
 		iterator = ENGINE_by_id("dynamic");
 		if (!iterator ||
-- 
cgit v1.2.3-55-g6feb