key zeroisation fix for p12

[openssl.git] / crypto / conf / conf_mod.c

diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index da591cba6366e22a5373afa30a16592e0299dbc3..df53609cc47e41f699444d38783ec58346afc6e4 100644 (file)
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,11 +7,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "internal/cryptlib.h"
 #include <stdio.h>
 #include <ctype.h>
 #include <openssl/crypto.h>
-#include "internal/cryptlib.h"
-#include "e_os.h"
 #include "internal/conf.h"
 #include "internal/dso.h"
 #include <openssl/x509.h>
@@ -233,9 +232,10 @@ static CONF_MODULE *module_add(DSO *dso, const char *name,
         supported_modules = sk_CONF_MODULE_new_null();
     if (supported_modules == NULL)
         return NULL;
-    tmod = OPENSSL_zalloc(sizeof(*tmod));
-    if (tmod == NULL)
+    if ((tmod = OPENSSL_zalloc(sizeof(*tmod))) == NULL) {
+        CONFerr(CONF_F_MODULE_ADD, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
 
     tmod->dso = dso;
     tmod->name = OPENSSL_strdup(name);
@@ -480,9 +480,11 @@ char *CONF_get1_default_config_file(void)
     char *file, *sep = "";
     int len;
 
-    file = getenv("OPENSSL_CONF");
-    if (file)
-        return OPENSSL_strdup(file);
+    if (!OPENSSL_issetugid()) {
+        file = getenv("OPENSSL_CONF");
+        if (file)
+            return OPENSSL_strdup(file);
+    }
 
     len = strlen(X509_get_default_cert_area());
 #ifndef OPENSSL_SYS_VMS