isaacpittman-hitachi / rpms / openssl

Forked from rpms/openssl 2 years ago
Clone

Blame SOURCES/openssl-1.0.1e-secure-getenv.patch

a5ef24
diff -up openssl-1.0.1e/crypto/conf/conf_api.c.secure-getenv openssl-1.0.1e/crypto/conf/conf_api.c
a5ef24
--- openssl-1.0.1e/crypto/conf/conf_api.c.secure-getenv	2013-02-11 16:26:04.000000000 +0100
a5ef24
+++ openssl-1.0.1e/crypto/conf/conf_api.c	2013-02-19 13:02:02.531188124 +0100
a5ef24
@@ -63,6 +63,8 @@
a5ef24
 # define NDEBUG
a5ef24
 #endif
a5ef24
 
a5ef24
+/* for secure_getenv */
a5ef24
+#define _GNU_SOURCE
a5ef24
 #include <assert.h>
a5ef24
 #include <stdlib.h>
a5ef24
 #include <string.h>
a5ef24
@@ -142,7 +144,7 @@ char *_CONF_get_string(const CONF *conf,
a5ef24
 			if (v != NULL) return(v->value);
a5ef24
 			if (strcmp(section,"ENV") == 0)
a5ef24
 				{
a5ef24
-				p=getenv(name);
a5ef24
+				p=secure_getenv(name);
a5ef24
 				if (p != NULL) return(p);
a5ef24
 				}
a5ef24
 			}
a5ef24
@@ -155,7 +157,7 @@ char *_CONF_get_string(const CONF *conf,
a5ef24
 			return(NULL);
a5ef24
 		}
a5ef24
 	else
a5ef24
-		return(getenv(name));
a5ef24
+		return (secure_getenv(name));
a5ef24
 	}
a5ef24
 
a5ef24
 #if 0 /* There's no way to provide error checking with this function, so
a5ef24
diff -up openssl-1.0.1e/crypto/conf/conf_mod.c.secure-getenv openssl-1.0.1e/crypto/conf/conf_mod.c
a5ef24
--- openssl-1.0.1e/crypto/conf/conf_mod.c.secure-getenv	2013-02-11 16:26:04.000000000 +0100
a5ef24
+++ openssl-1.0.1e/crypto/conf/conf_mod.c	2013-02-19 13:02:02.531188124 +0100
a5ef24
@@ -56,6 +56,8 @@
a5ef24
  *
a5ef24
  */
a5ef24
 
a5ef24
+/* for secure_getenv */
a5ef24
+#define _GNU_SOURCE
a5ef24
 #include <stdio.h>
a5ef24
 #include <ctype.h>
a5ef24
 #include <openssl/crypto.h>
a5ef24
@@ -548,8 +550,8 @@ char *CONF_get1_default_config_file(void
a5ef24
 	char *file;
a5ef24
 	int len;
a5ef24
 
a5ef24
-	file = getenv("OPENSSL_CONF");
a5ef24
-	if (file) 
a5ef24
+	file = secure_getenv("OPENSSL_CONF");
a5ef24
+	if (file)
a5ef24
 		return BUF_strdup(file);
a5ef24
 
a5ef24
 	len = strlen(X509_get_default_cert_area());
a5ef24
diff -up openssl-1.0.1e/crypto/engine/eng_list.c.secure-getenv openssl-1.0.1e/crypto/engine/eng_list.c
a5ef24
--- openssl-1.0.1e/crypto/engine/eng_list.c.secure-getenv	2013-02-11 16:26:04.000000000 +0100
a5ef24
+++ openssl-1.0.1e/crypto/engine/eng_list.c	2013-02-19 13:02:02.536188233 +0100
a5ef24
@@ -61,6 +61,8 @@
a5ef24
  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
a5ef24
  */
a5ef24
 
a5ef24
+/* for secure_getenv */
a5ef24
+#define _GNU_SOURCE
a5ef24
 #include "eng_int.h"
a5ef24
 
a5ef24
 /* The linked-list of pointers to engine types. engine_list_head
a5ef24
@@ -399,9 +401,9 @@ ENGINE *ENGINE_by_id(const char *id)
a5ef24
 	if (strcmp(id, "dynamic"))
a5ef24
 		{
a5ef24
 #ifdef OPENSSL_SYS_VMS
a5ef24
-		if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
a5ef24
+		if(OPENSSL_issetugid() || (load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
a5ef24
 #else
a5ef24
-		if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
a5ef24
+		if((load_dir = secure_getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
a5ef24
 #endif
a5ef24
 		iterator = ENGINE_by_id("dynamic");
a5ef24
 		if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
a5ef24
diff -up openssl-1.0.1e/crypto/md5/md5_dgst.c.secure-getenv openssl-1.0.1e/crypto/md5/md5_dgst.c
a5ef24
--- openssl-1.0.1e/crypto/md5/md5_dgst.c.secure-getenv	2013-02-19 13:02:02.492187275 +0100
a5ef24
+++ openssl-1.0.1e/crypto/md5/md5_dgst.c	2013-02-19 13:02:02.537188254 +0100
a5ef24
@@ -56,6 +56,8 @@
a5ef24
  * [including the GNU Public Licence.]
a5ef24
  */
a5ef24
 
a5ef24
+/* for secure_getenv */
a5ef24
+#define _GNU_SOURCE
a5ef24
 #include <stdio.h>
a5ef24
 #include "md5_locl.h"
a5ef24
 #include <openssl/opensslv.h>
a5ef24
@@ -74,7 +76,7 @@ const char MD5_version[]="MD5" OPENSSL_V
a5ef24
 int MD5_Init(MD5_CTX *c)
a5ef24
 #ifdef OPENSSL_FIPS
a5ef24
 	{
a5ef24
-	if (FIPS_mode() && getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)
a5ef24
+	if (FIPS_mode() && secure_getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)
a5ef24
 		OpenSSLDie(__FILE__, __LINE__, \
a5ef24
                 "Digest MD5 forbidden in FIPS mode!");
a5ef24
 	return private_MD5_Init(c);
a5ef24
diff -up openssl-1.0.1e/crypto/o_init.c.secure-getenv openssl-1.0.1e/crypto/o_init.c
a5ef24
--- openssl-1.0.1e/crypto/o_init.c.secure-getenv	2013-02-19 13:02:02.428185882 +0100
a5ef24
+++ openssl-1.0.1e/crypto/o_init.c	2013-02-19 13:02:02.538188276 +0100
a5ef24
@@ -52,6 +52,8 @@
a5ef24
  *
a5ef24
  */
a5ef24
 
a5ef24
+/* for secure_getenv */
a5ef24
+#define _GNU_SOURCE
a5ef24
 #include <e_os.h>
a5ef24
 #include <openssl/err.h>
a5ef24
 #ifdef OPENSSL_FIPS
a5ef24
@@ -71,7 +73,7 @@ static void init_fips_mode(void)
a5ef24
 	char buf[2] = "0";
a5ef24
 	int fd;
a5ef24
 	
a5ef24
-	if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
a5ef24
+	if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
a5ef24
 		{
a5ef24
 		buf[0] = '1';
a5ef24
 		}
a5ef24
diff -up openssl-1.0.1e/crypto/rand/randfile.c.secure-getenv openssl-1.0.1e/crypto/rand/randfile.c
a5ef24
--- openssl-1.0.1e/crypto/rand/randfile.c.secure-getenv	2013-02-11 16:26:04.000000000 +0100
a5ef24
+++ openssl-1.0.1e/crypto/rand/randfile.c	2013-02-19 13:03:06.971591052 +0100
a5ef24
@@ -60,6 +60,8 @@
a5ef24
 #if !defined(OPENSSL_SYS_VXWORKS)
a5ef24
 #define _XOPEN_SOURCE 500
a5ef24
 #endif
a5ef24
+/* for secure_getenv */
a5ef24
+#define _GNU_SOURCE
a5ef24
 
a5ef24
 #include <errno.h>
a5ef24
 #include <stdio.h>
a5ef24
@@ -277,8 +279,7 @@ const char *RAND_file_name(char *buf, si
a5ef24
 	struct stat sb;
a5ef24
 #endif
a5ef24
 
a5ef24
-	if (OPENSSL_issetugid() == 0)
a5ef24
-		s=getenv("RANDFILE");
a5ef24
+	s=secure_getenv("RANDFILE");
a5ef24
 	if (s != NULL && *s && strlen(s) + 1 < size)
a5ef24
 		{
a5ef24
 		if (BUF_strlcpy(buf,s,size) >= size)
a5ef24
@@ -286,8 +287,7 @@ const char *RAND_file_name(char *buf, si
a5ef24
 		}
a5ef24
 	else
a5ef24
 		{
a5ef24
-		if (OPENSSL_issetugid() == 0)
a5ef24
-			s=getenv("HOME");
a5ef24
+		s=secure_getenv("HOME");
a5ef24
 #ifdef DEFAULT_HOME
a5ef24
 		if (s == NULL)
a5ef24
 			{
a5ef24
diff -up openssl-1.0.1e/crypto/x509/by_dir.c.secure-getenv openssl-1.0.1e/crypto/x509/by_dir.c
a5ef24
--- openssl-1.0.1e/crypto/x509/by_dir.c.secure-getenv	2013-02-11 16:26:04.000000000 +0100
a5ef24
+++ openssl-1.0.1e/crypto/x509/by_dir.c	2013-02-19 13:02:02.539188298 +0100
a5ef24
@@ -56,6 +56,8 @@
a5ef24
  * [including the GNU Public Licence.]
a5ef24
  */
a5ef24
 
a5ef24
+/* for secure_getenv */
a5ef24
+#define _GNU_SOURCE
a5ef24
 #include <stdio.h>
a5ef24
 #include <time.h>
a5ef24
 #include <errno.h>
a5ef24
@@ -135,7 +137,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in
a5ef24
 	case X509_L_ADD_DIR:
a5ef24
 		if (argl == X509_FILETYPE_DEFAULT)
a5ef24
 			{
a5ef24
-			dir=(char *)getenv(X509_get_default_cert_dir_env());
a5ef24
+			dir=(char *)secure_getenv(X509_get_default_cert_dir_env());
a5ef24
 			if (dir)
a5ef24
 				ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
a5ef24
 			else
a5ef24
diff -up openssl-1.0.1e/crypto/x509/by_file.c.secure-getenv openssl-1.0.1e/crypto/x509/by_file.c
a5ef24
--- openssl-1.0.1e/crypto/x509/by_file.c.secure-getenv	2013-02-19 13:02:02.236181701 +0100
a5ef24
+++ openssl-1.0.1e/crypto/x509/by_file.c	2013-02-19 13:02:02.554188624 +0100
a5ef24
@@ -56,6 +56,8 @@
a5ef24
  * [including the GNU Public Licence.]
a5ef24
  */
a5ef24
 
a5ef24
+/* for secure_getenv */
a5ef24
+#define _GNU_SOURCE
a5ef24
 #include <stdio.h>
a5ef24
 #include <time.h>
a5ef24
 #include <errno.h>
a5ef24
@@ -100,7 +102,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx
a5ef24
 	case X509_L_FILE_LOAD:
a5ef24
 		if (argl == X509_FILETYPE_DEFAULT)
a5ef24
 			{
a5ef24
-			file = (char *)getenv(X509_get_default_cert_file_env());
a5ef24
+			file = (char *)secure_getenv(X509_get_default_cert_file_env());
a5ef24
 			if (file)
a5ef24
 				ok = (X509_load_cert_crl_file(ctx,file,
a5ef24
 					      X509_FILETYPE_PEM) != 0);
a5ef24
diff -up openssl-1.0.1e/crypto/x509/x509_vfy.c.secure-getenv openssl-1.0.1e/crypto/x509/x509_vfy.c
a5ef24
--- openssl-1.0.1e/crypto/x509/x509_vfy.c.secure-getenv	2013-02-11 16:26:04.000000000 +0100
a5ef24
+++ openssl-1.0.1e/crypto/x509/x509_vfy.c	2013-02-19 13:02:02.556188668 +0100
a5ef24
@@ -56,6 +56,8 @@
a5ef24
  * [including the GNU Public Licence.]
a5ef24
  */
a5ef24
 
a5ef24
+/* for secure_getenv */
a5ef24
+#define _GNU_SOURCE
a5ef24
 #include <stdio.h>
a5ef24
 #include <time.h>
a5ef24
 #include <errno.h>
a5ef24
@@ -481,7 +483,7 @@ static int check_chain_extensions(X509_S
a5ef24
 			!!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
a5ef24
 		/* A hack to keep people who don't want to modify their
a5ef24
 		   software happy */
a5ef24
-		if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
a5ef24
+		if (secure_getenv("OPENSSL_ALLOW_PROXY_CERTS"))
a5ef24
 			allow_proxy_certs = 1;
a5ef24
 		purpose = ctx->param->purpose;
a5ef24
 		}
a5ef24
diff -up openssl-1.0.1e/engines/ccgost/gost_ctl.c.secure-getenv openssl-1.0.1e/engines/ccgost/gost_ctl.c
a5ef24
--- openssl-1.0.1e/engines/ccgost/gost_ctl.c.secure-getenv	2013-02-11 16:26:04.000000000 +0100
a5ef24
+++ openssl-1.0.1e/engines/ccgost/gost_ctl.c	2013-02-19 13:02:02.557188690 +0100
a5ef24
@@ -6,6 +6,8 @@
a5ef24
  *        Implementation of control commands for GOST engine          *
a5ef24
  *            OpenSSL 0.9.9 libraries required                        *
a5ef24
  **********************************************************************/            
a5ef24
+/* for secure_getenv */
a5ef24
+#define _GNU_SOURCE
a5ef24
 #include <stdlib.h>
a5ef24
 #include <string.h>
a5ef24
 #include <openssl/crypto.h>
a5ef24
@@ -65,7 +67,7 @@ const char *get_gost_engine_param(int pa
a5ef24
 		{
a5ef24
 		return gost_params[param];
a5ef24
 		}
a5ef24
-	tmp = getenv(gost_envnames[param]);
a5ef24
+	tmp = secure_getenv(gost_envnames[param]);
a5ef24
 	if (tmp) 
a5ef24
 		{
a5ef24
 		if (gost_params[param]) OPENSSL_free(gost_params[param]);
a5ef24
@@ -79,7 +81,7 @@ int gost_set_default_param(int param, co
a5ef24
 	{
a5ef24
 	const char *tmp;
a5ef24
 	if (param <0 || param >GOST_PARAM_MAX) return 0;
a5ef24
-	tmp = getenv(gost_envnames[param]);
a5ef24
+	tmp = secure_getenv(gost_envnames[param]);
a5ef24
 	/* if there is value in the environment, use it, else -passed string * */
a5ef24
 	if (!tmp) tmp=value;
a5ef24
 	if (gost_params[param]) OPENSSL_free(gost_params[param]);