From 284f4f6b70998b2b46dc74c3003c82cb1db0e742 Mon Sep 17 00:00:00 2001 From: Bernd Edlinger Date: Wed, 4 Apr 2018 14:45:49 +0200 Subject: [PATCH] Don't use getenv for critical functions when run as setuid/setgid Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/5856) --- CHANGES | 4 ++++ crypto/conf/conf_mod.c | 8 +++++--- crypto/engine/eng_list.c | 3 ++- doc/man3/ENGINE_add.pod | 1 + doc/man3/OPENSSL_config.pod | 11 +++++++++++ doc/man5/config.pod | 16 ++++++++++++++++ 6 files changed, 39 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index b4d0329491..40b58239d5 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,10 @@ Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] + *) Don't use OPENSSL_ENGINES and OPENSSL_CONF environment values + in libcrypto when run as setuid/setgid. + [Bernd Edlinger] + *) Added new public header file and documentation for the RAND_DRBG API. See manual page RAND_DRBG(7) for an overview. [Matthias St. Pierre] diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index 99f0fcc2b5..4a848b8c8f 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -480,9 +480,11 @@ char *CONF_get1_default_config_file(void) char *file, *sep = ""; int len; - file = getenv("OPENSSL_CONF"); - if (file) - return OPENSSL_strdup(file); + if (!OPENSSL_issetugid()) { + file = getenv("OPENSSL_CONF"); + if (file) + return OPENSSL_strdup(file); + } len = strlen(X509_get_default_cert_area()); #ifndef OPENSSL_SYS_VMS diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c index bfd91e23c6..4bc7ea173c 100644 --- a/crypto/engine/eng_list.c +++ b/crypto/engine/eng_list.c 
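Review bot: The set-user-ID/set-group-ID guard in CONF_get1_default_config_file is open-coded around the `getenv("OPENSSL_CONF")` call, and the same pattern is repeated in the ENGINE_by_id hunk in crypto/engine/eng_list.c, so any environment lookup added later has to remember to repeat it. A single library-internal wrapper that returns NULL when `OPENSSL_issetugid()` is true and otherwise calls `getenv()` would keep the check and the lookup together. This diff does not show whether libcrypto has other getenv() callers, so that is worth auditing separately. A comment above the new `if` would record why the lookup is skipped, for example `/* The environment is set by the invoking user; ignore OPENSSL_CONF in set-user-ID/set-group-ID programs. */`. The function body continues past the end of the hunk.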
@@ -317,7 +317,8 @@ ENGINE *ENGINE_by_id(const char *id) * Prevent infinite recursion if we're looking for the dynamic engine. */ if (strcmp(id, "dynamic")) { - if ((load_dir = getenv("OPENSSL_ENGINES")) == NULL) + if (OPENSSL_issetugid() + || (load_dir = getenv("OPENSSL_ENGINES")) == NULL) load_dir = ENGINESDIR; iterator = ENGINE_by_id("dynamic"); if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) || diff --git a/doc/man3/ENGINE_add.pod b/doc/man3/ENGINE_add.pod index b009949d6e..a2fc299482 100644 --- a/doc/man3/ENGINE_add.pod +++ b/doc/man3/ENGINE_add.pod @@ -568,6 +568,7 @@ extension). =item B The path to the engines directory. +Ignored in set-user-ID and set-group-ID programs. =back diff --git a/doc/man3/OPENSSL_config.pod b/doc/man3/OPENSSL_config.pod index e70fcd5498..ac686e6222 100644 --- a/doc/man3/OPENSSL_config.pod +++ b/doc/man3/OPENSSL_config.pod @@ -48,6 +48,17 @@ application calls OPENSSL_config() it doesn't need to know or care about ENGINE control operations because they can be performed by editing a configuration file. +=head1 ENVIRONMENT + +=over 4 + +=item B + +The path to the config file. +Ignored in set-user-ID and set-group-ID programs. + +=back + =head1 RETURN VALUES Neither OPENSSL_config() nor OPENSSL_no_config() return a value. diff --git a/doc/man5/config.pod b/doc/man5/config.pod index ef8e10ef1b..09d72be2fd 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod @@ -384,6 +384,22 @@ will output: showing that the OID "newoid1" has been added as "1.2.3.4.1". +=head1 ENVIRONMENT + +=over 4 + +=item B + +The path to the config file. +Ignored in set-user-ID and set-group-ID programs. + +=item B + +The path to the engines directory. +Ignored in set-user-ID and set-group-ID programs. + +=back + =head1 BUGS Currently there is no way to include characters using the octal B<\nnn> -- 2.34.1
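Review bot: The new condition in ENGINE_by_id combines the `OPENSSL_issetugid()` check with an assignment hidden in the second operand of `||`, so a reader has to work through the short-circuit to see that `load_dir` ends up as either the environment value or `ENGINESDIR`. This is a style point rather than a defect, but this value is documented in the same commit as the path to the engines directory, so the logic is worth making explicit. It could be split into `load_dir = OPENSSL_issetugid() ? NULL : getenv("OPENSSL_ENGINES");` followed by `if (load_dir == NULL) load_dir = ENGINESDIR;`. A short comment such as `/* Never take the engines directory from the environment when set-user-ID/set-group-ID. */` would state the intent. ENGINE_by_id starts before and continues after the hunk.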