diff options
author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2018-04-04 14:45:49 +0200 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2018-04-04 14:45:49 +0200 |
commit | 284f4f6b70998b2b46dc74c3003c82cb1db0e742 (patch) | |
tree | b5bf90f6a5a1803c699f182fb756d52e2c0d450a /crypto/engine | |
parent | dc55e4f70f401c5869410d6a0c068c18c3fd53ec (diff) | |
download | openssl-new-284f4f6b70998b2b46dc74c3003c82cb1db0e742.tar.gz |
Don't use getenv for critical functions when run as setuid/setgid
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5856)
Diffstat (limited to 'crypto/engine')
-rw-r--r-- | crypto/engine/eng_list.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c index bfd91e23c6..4bc7ea173c 100644 --- a/crypto/engine/eng_list.c +++ b/crypto/engine/eng_list.c @@ -317,7 +317,8 @@ ENGINE *ENGINE_by_id(const char *id) * Prevent infinite recursion if we're looking for the dynamic engine. */ if (strcmp(id, "dynamic")) { - if ((load_dir = getenv("OPENSSL_ENGINES")) == NULL) + if (OPENSSL_issetugid() + || (load_dir = getenv("OPENSSL_ENGINES")) == NULL) load_dir = ENGINESDIR; iterator = ENGINE_by_id("dynamic"); if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) || |