rpms / mingw-openssl

Clone
Source Code
GIT

Blame SOURCES/openssl-1.0.2i-secure-getenv.patch

c8 c8-beta c8s
  1.   e62613b7357e4cb980b3108a23f421d68cf83845
  2.   SOURCES
  3.   openssl-1.0.2i-secure-getenv.patch
Blob History Raw
e62613 
diff -up openssl-1.0.2i/crypto/conf/conf_api.c.secure-getenv openssl-1.0.2i/crypto/conf/conf_api.c
e62613 
--- openssl-1.0.2i/crypto/conf/conf_api.c.secure-getenv	2016-09-22 12:23:06.000000000 +0200
e62613 
+++ openssl-1.0.2i/crypto/conf/conf_api.c	2016-09-22 13:51:29.847742209 +0200
e62613 
@@ -63,6 +63,8 @@
e62613 
 # define NDEBUG
e62613 
 #endif
e62613
e62613 
+/* for secure_getenv */
e62613 
+#define _GNU_SOURCE
e62613 
 #include <assert.h>
e62613 
 #include <stdlib.h>
e62613 
 #include <string.h>
e62613 
@@ -141,7 +143,7 @@ char *_CONF_get_string(const CONF *conf,
e62613 
             if (v != NULL)
e62613 
                 return (v->value);
e62613 
             if (strcmp(section, "ENV") == 0) {
e62613 
-                p = getenv(name);
e62613 
+                p = secure_getenv(name);
e62613 
                 if (p != NULL)
e62613 
                     return (p);
e62613 
             }
e62613 
@@ -154,7 +156,7 @@ char *_CONF_get_string(const CONF *conf,
e62613 
         else
e62613 
             return (NULL);
e62613 
     } else
e62613 
-        return (getenv(name));
e62613 
+        return (secure_getenv(name));
e62613 
 }
e62613
e62613 
 #if 0                           /* There's no way to provide error checking
e62613 
diff -up openssl-1.0.2i/crypto/conf/conf_mod.c.secure-getenv openssl-1.0.2i/crypto/conf/conf_mod.c
e62613 
--- openssl-1.0.2i/crypto/conf/conf_mod.c.secure-getenv	2016-09-22 12:23:06.000000000 +0200
e62613 
+++ openssl-1.0.2i/crypto/conf/conf_mod.c	2016-09-22 13:51:29.847742209 +0200
e62613 
@@ -57,6 +57,8 @@
e62613 
  *
e62613 
  */
e62613
e62613 
+/* for secure_getenv */
e62613 
+#define _GNU_SOURCE
e62613 
 #include <stdio.h>
e62613 
 #include <ctype.h>
e62613 
 #include <openssl/crypto.h>
e62613 
@@ -530,7 +532,7 @@ char *CONF_get1_default_config_file(void
e62613 
     char *file;
e62613 
     int len;
e62613
e62613 
-    file = getenv("OPENSSL_CONF");
e62613 
+    file = secure_getenv("OPENSSL_CONF");
e62613 
     if (file)
e62613 
         return BUF_strdup(file);
e62613
e62613 
diff -up openssl-1.0.2i/crypto/engine/eng_list.c.secure-getenv openssl-1.0.2i/crypto/engine/eng_list.c
e62613 
--- openssl-1.0.2i/crypto/engine/eng_list.c.secure-getenv	2016-09-22 12:23:06.000000000 +0200
e62613 
+++ openssl-1.0.2i/crypto/engine/eng_list.c	2016-09-22 13:51:29.847742209 +0200
e62613 
@@ -62,6 +62,8 @@
e62613 
  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
e62613 
  */
e62613
e62613 
+/* for secure_getenv */
e62613 
+#define _GNU_SOURCE
e62613 
 #include "eng_int.h"
e62613
e62613 
 /*
e62613 
@@ -369,10 +371,10 @@ ENGINE *ENGINE_by_id(const char *id)
e62613 
      */
e62613 
     if (strcmp(id, "dynamic")) {
e62613 
 # ifdef OPENSSL_SYS_VMS
e62613 
-        if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
e62613 
+        if (OPENSSL_issetugid() || (load_dir = getenv("OPENSSL_ENGINES")) == 0)
e62613 
             load_dir = "SSLROOT:[ENGINES]";
e62613 
 # else
e62613 
-        if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
e62613 
+        if ((load_dir = secure_getenv("OPENSSL_ENGINES")) == 0)
e62613 
             load_dir = ENGINESDIR;
e62613 
 # endif
e62613 
         iterator = ENGINE_by_id("dynamic");
e62613 
diff -up openssl-1.0.2i/crypto/md5/md5_dgst.c.secure-getenv openssl-1.0.2i/crypto/md5/md5_dgst.c
e62613 
--- openssl-1.0.2i/crypto/md5/md5_dgst.c.secure-getenv	2016-09-22 13:51:29.840742047 +0200
e62613 
+++ openssl-1.0.2i/crypto/md5/md5_dgst.c	2016-09-22 13:51:29.847742209 +0200
e62613 
@@ -56,6 +56,8 @@
e62613 
  * [including the GNU Public Licence.]
e62613 
  */
e62613
e62613 
+/* for secure_getenv */
e62613 
+#define _GNU_SOURCE
e62613 
 #include <stdio.h>
e62613 
 #include "md5_locl.h"
e62613 
 #include <openssl/opensslv.h>
e62613 
@@ -75,7 +77,8 @@ const char MD5_version[] = "MD5" OPENSSL
e62613 
 int MD5_Init(MD5_CTX *c)
e62613 
 #ifdef OPENSSL_FIPS
e62613 
 {
e62613 
-    if (FIPS_mode() && getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)
e62613 
+    if (FIPS_mode()
e62613 
+        && secure_getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)
e62613 
         OpenSSLDie(__FILE__, __LINE__, "Digest MD5 forbidden in FIPS mode!");
e62613 
     return private_MD5_Init(c);
e62613 
 }
e62613 
diff -up openssl-1.0.2i/crypto/o_init.c.secure-getenv openssl-1.0.2i/crypto/o_init.c
e62613 
--- openssl-1.0.2i/crypto/o_init.c.secure-getenv	2016-09-22 13:51:29.830741814 +0200
e62613 
+++ openssl-1.0.2i/crypto/o_init.c	2016-09-22 13:51:30.046746834 +0200
e62613 
@@ -53,6 +53,8 @@
e62613 
  *
e62613 
  */
e62613
e62613 
+/* for secure_getenv */
e62613 
+#define _GNU_SOURCE
e62613 
 #include <e_os.h>
e62613 
 #include <openssl/err.h>
e62613 
 #ifdef OPENSSL_FIPS
e62613 
@@ -72,7 +74,7 @@ static void init_fips_mode(void)
e62613 
     char buf[2] = "0";
e62613 
     int fd;
e62613
e62613 
-    if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
e62613 
+    if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
e62613 
         buf[0] = '1';
e62613 
     } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
e62613 
         while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ;
e62613 
diff -up openssl-1.0.2i/crypto/rand/randfile.c.secure-getenv openssl-1.0.2i/crypto/rand/randfile.c
e62613 
--- openssl-1.0.2i/crypto/rand/randfile.c.secure-getenv	2016-09-22 12:23:06.000000000 +0200
e62613 
+++ openssl-1.0.2i/crypto/rand/randfile.c	2016-09-22 13:53:17.222237626 +0200
e62613 
@@ -55,6 +55,8 @@
e62613 
  * copied and put under another distribution licence
e62613 
  * [including the GNU Public Licence.]
e62613 
  */
e62613 
+/* for secure_getenv */
e62613 
+#define _GNU_SOURCE
e62613
e62613 
 #include <errno.h>
e62613 
 #include <stdio.h>
e62613 
@@ -327,14 +329,12 @@ const char *RAND_file_name(char *buf, si
e62613 
     struct stat sb;
e62613 
 #endif
e62613
e62613 
-    if (OPENSSL_issetugid() == 0)
e62613 
-        s = getenv("RANDFILE");
e62613 
+    s = secure_getenv("RANDFILE");
e62613 
     if (s != NULL && *s && strlen(s) + 1 < size) {
e62613 
         if (BUF_strlcpy(buf, s, size) >= size)
e62613 
             return NULL;
e62613 
     } else {
e62613 
-        if (OPENSSL_issetugid() == 0)
e62613 
-            s = getenv("HOME");
e62613 
+        s = secure_getenv("HOME");
e62613 
 #ifdef DEFAULT_HOME
e62613 
         if (s == NULL) {
e62613 
             s = DEFAULT_HOME;
e62613 
diff -up openssl-1.0.2i/crypto/x509/by_dir.c.secure-getenv openssl-1.0.2i/crypto/x509/by_dir.c
e62613 
--- openssl-1.0.2i/crypto/x509/by_dir.c.secure-getenv	2016-09-22 12:23:06.000000000 +0200
e62613 
+++ openssl-1.0.2i/crypto/x509/by_dir.c	2016-09-22 13:51:30.047746858 +0200
e62613 
@@ -56,6 +56,8 @@
e62613 
  * [including the GNU Public Licence.]
e62613 
  */
e62613
e62613 
+/* for secure_getenv */
e62613 
+#define _GNU_SOURCE
e62613 
 #include <stdio.h>
e62613 
 #include <time.h>
e62613 
 #include <errno.h>
e62613 
@@ -128,7 +130,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in
e62613 
     switch (cmd) {
e62613 
     case X509_L_ADD_DIR:
e62613 
         if (argl == X509_FILETYPE_DEFAULT) {
e62613 
-            dir = (char *)getenv(X509_get_default_cert_dir_env());
e62613 
+            dir = (char *)secure_getenv(X509_get_default_cert_dir_env());
e62613 
             if (dir)
e62613 
                 ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
e62613 
             else
e62613 
diff -up openssl-1.0.2i/crypto/x509/by_file.c.secure-getenv openssl-1.0.2i/crypto/x509/by_file.c
e62613 
--- openssl-1.0.2i/crypto/x509/by_file.c.secure-getenv	2016-09-22 13:51:29.812741396 +0200
e62613 
+++ openssl-1.0.2i/crypto/x509/by_file.c	2016-09-22 13:51:30.047746858 +0200
e62613 
@@ -56,6 +56,8 @@
e62613 
  * [including the GNU Public Licence.]
e62613 
  */
e62613
e62613 
+/* for secure_getenv */
e62613 
+#define _GNU_SOURCE
e62613 
 #include <stdio.h>
e62613 
 #include <time.h>
e62613 
 #include <errno.h>
e62613 
@@ -97,7 +99,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx
e62613 
     switch (cmd) {
e62613 
     case X509_L_FILE_LOAD:
e62613 
         if (argl == X509_FILETYPE_DEFAULT) {
e62613 
-            file = (char *)getenv(X509_get_default_cert_file_env());
e62613 
+            file = (char *)secure_getenv(X509_get_default_cert_file_env());
e62613 
             if (file)
e62613 
                 ok = (X509_load_cert_crl_file(ctx, file,
e62613 
                                               X509_FILETYPE_PEM) != 0);
e62613 
diff -up openssl-1.0.2i/crypto/x509/x509_vfy.c.secure-getenv openssl-1.0.2i/crypto/x509/x509_vfy.c
e62613 
--- openssl-1.0.2i/crypto/x509/x509_vfy.c.secure-getenv	2016-09-22 12:23:06.000000000 +0200
e62613 
+++ openssl-1.0.2i/crypto/x509/x509_vfy.c	2016-09-22 13:51:30.048746881 +0200
e62613 
@@ -56,6 +56,8 @@
e62613 
  * [including the GNU Public Licence.]
e62613 
  */
e62613
e62613 
+/* for secure_getenv */
e62613 
+#define _GNU_SOURCE
e62613 
 #include <stdio.h>
e62613 
 #include <time.h>
e62613 
 #include <errno.h>
e62613 
@@ -620,7 +622,7 @@ static int check_chain_extensions(X509_S
e62613 
          * A hack to keep people who don't want to modify their software
e62613 
          * happy
e62613 
          */
e62613 
-        if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
e62613 
+        if (secure_getenv("OPENSSL_ALLOW_PROXY_CERTS"))
e62613 
             allow_proxy_certs = 1;
e62613 
         purpose = ctx->param->purpose;
e62613 
     }
e62613 
diff -up openssl-1.0.2i/engines/ccgost/gost_ctl.c.secure-getenv openssl-1.0.2i/engines/ccgost/gost_ctl.c
e62613 
--- openssl-1.0.2i/engines/ccgost/gost_ctl.c.secure-getenv	2016-09-22 12:23:06.000000000 +0200
e62613 
+++ openssl-1.0.2i/engines/ccgost/gost_ctl.c	2016-09-22 13:51:30.048746881 +0200
e62613 
@@ -6,6 +6,8 @@
e62613 
  *        Implementation of control commands for GOST engine          *
e62613 
  *            OpenSSL 0.9.9 libraries required                        *
e62613 
  **********************************************************************/
e62613 
+/* for secure_getenv */
e62613 
+#define _GNU_SOURCE
e62613 
 #include <stdlib.h>
e62613 
 #include <string.h>
e62613 
 #include <openssl/crypto.h>
e62613 
@@ -64,7 +66,7 @@ const char *get_gost_engine_param(int pa
e62613 
     if (gost_params[param] != NULL) {
e62613 
         return gost_params[param];
e62613 
     }
e62613 
-    tmp = getenv(gost_envnames[param]);
e62613 
+    tmp = secure_getenv(gost_envnames[param]);
e62613 
     if (tmp) {
e62613 
         if (gost_params[param])
e62613 
             OPENSSL_free(gost_params[param]);
e62613 
@@ -79,7 +81,7 @@ int gost_set_default_param(int param, co
e62613 
     const char *tmp;
e62613 
     if (param < 0 || param > GOST_PARAM_MAX)
e62613 
         return 0;
e62613 
-    tmp = getenv(gost_envnames[param]);
e62613 
+    tmp = secure_getenv(gost_envnames[param]);
e62613 
     /*
e62613 
      * if there is value in the environment, use it, else -passed string *
e62613 
      */

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation