You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
244 lines
8.4 KiB
244 lines
8.4 KiB
diff -up openssl-1.0.1e/crypto/conf/conf_api.c.secure-getenv openssl-1.0.1e/crypto/conf/conf_api.c |
|
--- openssl-1.0.1e/crypto/conf/conf_api.c.secure-getenv 2013-02-11 16:26:04.000000000 +0100 |
|
+++ openssl-1.0.1e/crypto/conf/conf_api.c 2013-02-19 13:02:02.531188124 +0100 |
|
@@ -63,6 +63,8 @@ |
|
# define NDEBUG |
|
#endif |
|
|
|
+/* for secure_getenv */ |
|
+#define _GNU_SOURCE |
|
#include <assert.h> |
|
#include <stdlib.h> |
|
#include <string.h> |
|
@@ -142,7 +144,7 @@ char *_CONF_get_string(const CONF *conf, |
|
if (v != NULL) return(v->value); |
|
if (strcmp(section,"ENV") == 0) |
|
{ |
|
- p=getenv(name); |
|
+ p=secure_getenv(name); |
|
if (p != NULL) return(p); |
|
} |
|
} |
|
@@ -155,7 +157,7 @@ char *_CONF_get_string(const CONF *conf, |
|
return(NULL); |
|
} |
|
else |
|
- return(getenv(name)); |
|
+ return (secure_getenv(name)); |
|
} |
|
|
|
#if 0 /* There's no way to provide error checking with this function, so |
|
diff -up openssl-1.0.1e/crypto/conf/conf_mod.c.secure-getenv openssl-1.0.1e/crypto/conf/conf_mod.c |
|
--- openssl-1.0.1e/crypto/conf/conf_mod.c.secure-getenv 2013-02-11 16:26:04.000000000 +0100 |
|
+++ openssl-1.0.1e/crypto/conf/conf_mod.c 2013-02-19 13:02:02.531188124 +0100 |
|
@@ -56,6 +56,8 @@ |
|
* |
|
*/ |
|
|
|
+/* for secure_getenv */ |
|
+#define _GNU_SOURCE |
|
#include <stdio.h> |
|
#include <ctype.h> |
|
#include <openssl/crypto.h> |
|
@@ -548,8 +550,8 @@ char *CONF_get1_default_config_file(void |
|
char *file; |
|
int len; |
|
|
|
- file = getenv("OPENSSL_CONF"); |
|
- if (file) |
|
+ file = secure_getenv("OPENSSL_CONF"); |
|
+ if (file) |
|
return BUF_strdup(file); |
|
|
|
len = strlen(X509_get_default_cert_area()); |
|
diff -up openssl-1.0.1e/crypto/engine/eng_list.c.secure-getenv openssl-1.0.1e/crypto/engine/eng_list.c |
|
--- openssl-1.0.1e/crypto/engine/eng_list.c.secure-getenv 2013-02-11 16:26:04.000000000 +0100 |
|
+++ openssl-1.0.1e/crypto/engine/eng_list.c 2013-02-19 13:02:02.536188233 +0100 |
|
@@ -61,6 +61,8 @@ |
|
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. |
|
*/ |
|
|
|
+/* for secure_getenv */ |
|
+#define _GNU_SOURCE |
|
#include "eng_int.h" |
|
|
|
/* The linked-list of pointers to engine types. engine_list_head |
|
@@ -399,9 +401,9 @@ ENGINE *ENGINE_by_id(const char *id) |
|
if (strcmp(id, "dynamic")) |
|
{ |
|
#ifdef OPENSSL_SYS_VMS |
|
- if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]"; |
|
+ if(OPENSSL_issetugid() || (load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]"; |
|
#else |
|
- if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR; |
|
+ if((load_dir = secure_getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR; |
|
#endif |
|
iterator = ENGINE_by_id("dynamic"); |
|
if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) || |
|
diff -up openssl-1.0.1e/crypto/md5/md5_dgst.c.secure-getenv openssl-1.0.1e/crypto/md5/md5_dgst.c |
|
--- openssl-1.0.1e/crypto/md5/md5_dgst.c.secure-getenv 2013-02-19 13:02:02.492187275 +0100 |
|
+++ openssl-1.0.1e/crypto/md5/md5_dgst.c 2013-02-19 13:02:02.537188254 +0100 |
|
@@ -56,6 +56,8 @@ |
|
* [including the GNU Public Licence.] |
|
*/ |
|
|
|
+/* for secure_getenv */ |
|
+#define _GNU_SOURCE |
|
#include <stdio.h> |
|
#include "md5_locl.h" |
|
#include <openssl/opensslv.h> |
|
@@ -74,7 +76,7 @@ const char MD5_version[]="MD5" OPENSSL_V |
|
int MD5_Init(MD5_CTX *c) |
|
#ifdef OPENSSL_FIPS |
|
{ |
|
- if (FIPS_mode() && getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL) |
|
+ if (FIPS_mode() && secure_getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL) |
|
OpenSSLDie(__FILE__, __LINE__, \ |
|
"Digest MD5 forbidden in FIPS mode!"); |
|
return private_MD5_Init(c); |
|
diff -up openssl-1.0.1e/crypto/o_init.c.secure-getenv openssl-1.0.1e/crypto/o_init.c |
|
--- openssl-1.0.1e/crypto/o_init.c.secure-getenv 2013-02-19 13:02:02.428185882 +0100 |
|
+++ openssl-1.0.1e/crypto/o_init.c 2013-02-19 13:02:02.538188276 +0100 |
|
@@ -52,6 +52,8 @@ |
|
* |
|
*/ |
|
|
|
+/* for secure_getenv */ |
|
+#define _GNU_SOURCE |
|
#include <e_os.h> |
|
#include <openssl/err.h> |
|
#ifdef OPENSSL_FIPS |
|
@@ -71,7 +73,7 @@ static void init_fips_mode(void) |
|
char buf[2] = "0"; |
|
int fd; |
|
|
|
- if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) |
|
+ if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) |
|
{ |
|
buf[0] = '1'; |
|
} |
|
diff -up openssl-1.0.1e/crypto/rand/randfile.c.secure-getenv openssl-1.0.1e/crypto/rand/randfile.c |
|
--- openssl-1.0.1e/crypto/rand/randfile.c.secure-getenv 2013-02-11 16:26:04.000000000 +0100 |
|
+++ openssl-1.0.1e/crypto/rand/randfile.c 2013-02-19 13:03:06.971591052 +0100 |
|
@@ -60,6 +60,8 @@ |
|
#if !defined(OPENSSL_SYS_VXWORKS) |
|
#define _XOPEN_SOURCE 500 |
|
#endif |
|
+/* for secure_getenv */ |
|
+#define _GNU_SOURCE |
|
|
|
#include <errno.h> |
|
#include <stdio.h> |
|
@@ -277,8 +279,7 @@ const char *RAND_file_name(char *buf, si |
|
struct stat sb; |
|
#endif |
|
|
|
- if (OPENSSL_issetugid() == 0) |
|
- s=getenv("RANDFILE"); |
|
+ s=secure_getenv("RANDFILE"); |
|
if (s != NULL && *s && strlen(s) + 1 < size) |
|
{ |
|
if (BUF_strlcpy(buf,s,size) >= size) |
|
@@ -286,8 +287,7 @@ const char *RAND_file_name(char *buf, si |
|
} |
|
else |
|
{ |
|
- if (OPENSSL_issetugid() == 0) |
|
- s=getenv("HOME"); |
|
+ s=secure_getenv("HOME"); |
|
#ifdef DEFAULT_HOME |
|
if (s == NULL) |
|
{ |
|
diff -up openssl-1.0.1e/crypto/x509/by_dir.c.secure-getenv openssl-1.0.1e/crypto/x509/by_dir.c |
|
--- openssl-1.0.1e/crypto/x509/by_dir.c.secure-getenv 2013-02-11 16:26:04.000000000 +0100 |
|
+++ openssl-1.0.1e/crypto/x509/by_dir.c 2013-02-19 13:02:02.539188298 +0100 |
|
@@ -56,6 +56,8 @@ |
|
* [including the GNU Public Licence.] |
|
*/ |
|
|
|
+/* for secure_getenv */ |
|
+#define _GNU_SOURCE |
|
#include <stdio.h> |
|
#include <time.h> |
|
#include <errno.h> |
|
@@ -135,7 +137,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in |
|
case X509_L_ADD_DIR: |
|
if (argl == X509_FILETYPE_DEFAULT) |
|
{ |
|
- dir=(char *)getenv(X509_get_default_cert_dir_env()); |
|
+ dir=(char *)secure_getenv(X509_get_default_cert_dir_env()); |
|
if (dir) |
|
ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM); |
|
else |
|
diff -up openssl-1.0.1e/crypto/x509/by_file.c.secure-getenv openssl-1.0.1e/crypto/x509/by_file.c |
|
--- openssl-1.0.1e/crypto/x509/by_file.c.secure-getenv 2013-02-19 13:02:02.236181701 +0100 |
|
+++ openssl-1.0.1e/crypto/x509/by_file.c 2013-02-19 13:02:02.554188624 +0100 |
|
@@ -56,6 +56,8 @@ |
|
* [including the GNU Public Licence.] |
|
*/ |
|
|
|
+/* for secure_getenv */ |
|
+#define _GNU_SOURCE |
|
#include <stdio.h> |
|
#include <time.h> |
|
#include <errno.h> |
|
@@ -100,7 +102,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx |
|
case X509_L_FILE_LOAD: |
|
if (argl == X509_FILETYPE_DEFAULT) |
|
{ |
|
- file = (char *)getenv(X509_get_default_cert_file_env()); |
|
+ file = (char *)secure_getenv(X509_get_default_cert_file_env()); |
|
if (file) |
|
ok = (X509_load_cert_crl_file(ctx,file, |
|
X509_FILETYPE_PEM) != 0); |
|
diff -up openssl-1.0.1e/crypto/x509/x509_vfy.c.secure-getenv openssl-1.0.1e/crypto/x509/x509_vfy.c |
|
--- openssl-1.0.1e/crypto/x509/x509_vfy.c.secure-getenv 2013-02-11 16:26:04.000000000 +0100 |
|
+++ openssl-1.0.1e/crypto/x509/x509_vfy.c 2013-02-19 13:02:02.556188668 +0100 |
|
@@ -56,6 +56,8 @@ |
|
* [including the GNU Public Licence.] |
|
*/ |
|
|
|
+/* for secure_getenv */ |
|
+#define _GNU_SOURCE |
|
#include <stdio.h> |
|
#include <time.h> |
|
#include <errno.h> |
|
@@ -481,7 +483,7 @@ static int check_chain_extensions(X509_S |
|
!!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); |
|
/* A hack to keep people who don't want to modify their |
|
software happy */ |
|
- if (getenv("OPENSSL_ALLOW_PROXY_CERTS")) |
|
+ if (secure_getenv("OPENSSL_ALLOW_PROXY_CERTS")) |
|
allow_proxy_certs = 1; |
|
purpose = ctx->param->purpose; |
|
} |
|
diff -up openssl-1.0.1e/engines/ccgost/gost_ctl.c.secure-getenv openssl-1.0.1e/engines/ccgost/gost_ctl.c |
|
--- openssl-1.0.1e/engines/ccgost/gost_ctl.c.secure-getenv 2013-02-11 16:26:04.000000000 +0100 |
|
+++ openssl-1.0.1e/engines/ccgost/gost_ctl.c 2013-02-19 13:02:02.557188690 +0100 |
|
@@ -6,6 +6,8 @@ |
|
* Implementation of control commands for GOST engine * |
|
* OpenSSL 0.9.9 libraries required * |
|
**********************************************************************/ |
|
+/* for secure_getenv */ |
|
+#define _GNU_SOURCE |
|
#include <stdlib.h> |
|
#include <string.h> |
|
#include <openssl/crypto.h> |
|
@@ -65,7 +67,7 @@ const char *get_gost_engine_param(int pa |
|
{ |
|
return gost_params[param]; |
|
} |
|
- tmp = getenv(gost_envnames[param]); |
|
+ tmp = secure_getenv(gost_envnames[param]); |
|
if (tmp) |
|
{ |
|
if (gost_params[param]) OPENSSL_free(gost_params[param]); |
|
@@ -79,7 +81,7 @@ int gost_set_default_param(int param, co |
|
{ |
|
const char *tmp; |
|
if (param <0 || param >GOST_PARAM_MAX) return 0; |
|
- tmp = getenv(gost_envnames[param]); |
|
+ tmp = secure_getenv(gost_envnames[param]); |
|
/* if there is value in the environment, use it, else -passed string * */ |
|
if (!tmp) tmp=value; |
|
if (gost_params[param]) OPENSSL_free(gost_params[param]);
|
|
|