From b6e092d1e41107edc3265fcda97c497aa21950e1 Mon Sep 17 00:00:00 2001
From: deraadt <>
Date: Sat, 11 Apr 2015 16:03:21 +0000
Subject: Remove all getenv() calls, especially those wrapped by issetugid(). getenv()'s wrapped by issetugid() are safe, but issetugid() is correct difficult to impliment on many operating systems. By accident, a grand experiment was run over the last year, where issetugid() returned 1 (the safe value) on a few operating systems. Noone noticed & complained that certain environment variables were not working....... ok doug beck jsing, discussion with others
---
 src/lib/libcrypto/engine/eng_list.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)
(limited to 'src/lib/libcrypto/engine')
diff --git a/src/lib/libcrypto/engine/eng_list.c b/src/lib/libcrypto/engine/eng_list.c
index 740db90852..939cc82b17 100644
--- a/src/lib/libcrypto/engine/eng_list.c
+++ b/src/lib/libcrypto/engine/eng_list.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: eng_list.c,v 1.17 2015/02/11 03:19:37 doug Exp $ */
+/* $OpenBSD: eng_list.c,v 1.18 2015/04/11 16:03:21 deraadt Exp $ */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
 * project 2000.
 */
@@ -386,12 +386,7 @@ ENGINE_by_id(const char *id)
 return iterator;
 /* Prevent infinite recusrion if we're looking for the dynamic engine. */
 if (strcmp(id, "dynamic")) {
- if (issetugid() == 0) {
- load_dir = getenv("OPENSSL_ENGINES");
- if (load_dir == NULL)
- load_dir = ENGINESDIR;
- } else
- load_dir = ENGINESDIR;
+ load_dir = ENGINESDIR;
 iterator = ENGINE_by_id("dynamic");
 if (!iterator ||
-- 
cgit v1.2.3-55-g6feb
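Review bot: The new `load_dir = ENGINESDIR;` in ENGINE_by_id has no comment saying that the engine directory is now deliberately fixed at build time, so a later change could restore the `OPENSSL_ENGINES` lookup without knowing why it was dropped. This directory is presumably where the dynamic engine looks for loadable modules, which makes the restriction security-relevant and worth stating at the assignment, e.g. `/* Engine directory is compile-time only; never take it from the environment. */`. With only a constant assignment left, `load_dir` could probably be dropped in favour of passing `ENGINESDIR` directly where it is consumed, but that use and the declaration lie outside the hunk, as does the rest of the function body. Any documentation that still advertises `OPENSSL_ENGINES` would need the same update; none is visible in this diff.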