/[smeserver]/rpms/openssl/sme8/openssl-fips-0.9.8e-secure-getenv.patch
ViewVC logotype

Annotation of /rpms/openssl/sme8/openssl-fips-0.9.8e-secure-getenv.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Tue Feb 18 03:03:10 2014 UTC (10 years, 8 months ago) by wellsi
Branch: MAIN
CVS Tags: openssl-0_9_8e-28_el5_sme, openssl-0_9_8e-33_1_el5_sme, openssl-0_9_8e-32_1_el5_sme, openssl-0_9_8e-27_1_el5_sme, openssl-0_9_8e-27_el5_10_1, openssl-0_9_8e-31_1_el5_sme, HEAD
Branch point for: upstream
Initial import

1 wellsi 1.1 diff -up openssl-fips-0.9.8e/crypto/conf/conf_api.c.secure-getenv openssl-fips-0.9.8e/crypto/conf/conf_api.c
2     --- openssl-fips-0.9.8e/crypto/conf/conf_api.c.secure-getenv 2002-01-18 17:50:42.000000000 +0100
3     +++ openssl-fips-0.9.8e/crypto/conf/conf_api.c 2013-02-25 11:30:12.236666564 +0100
4     @@ -145,7 +145,7 @@ char *_CONF_get_string(const CONF *conf,
5     if (v != NULL) return(v->value);
6     if (strcmp(section,"ENV") == 0)
7     {
8     - p=Getenv(name);
9     + p=__secure_getenv(name);
10     if (p != NULL) return(p);
11     }
12     }
13     @@ -158,7 +158,7 @@ char *_CONF_get_string(const CONF *conf,
14     return(NULL);
15     }
16     else
17     - return(Getenv(name));
18     + return(__secure_getenv(name));
19     }
20    
21     #if 0 /* There's no way to provide error checking with this function, so
22     diff -up openssl-fips-0.9.8e/crypto/conf/conf_mod.c.secure-getenv openssl-fips-0.9.8e/crypto/conf/conf_mod.c
23     --- openssl-fips-0.9.8e/crypto/conf/conf_mod.c.secure-getenv 2007-04-09 13:47:59.000000000 +0200
24     +++ openssl-fips-0.9.8e/crypto/conf/conf_mod.c 2013-02-25 11:08:07.151779458 +0100
25     @@ -548,8 +548,8 @@ char *CONF_get1_default_config_file(void
26     char *file;
27     int len;
28    
29     - file = getenv("OPENSSL_CONF");
30     - if (file)
31     + file = __secure_getenv("OPENSSL_CONF");
32     + if (file)
33     return BUF_strdup(file);
34    
35     len = strlen(X509_get_default_cert_area());
36     diff -up openssl-fips-0.9.8e/crypto/engine/eng_list.c.secure-getenv openssl-fips-0.9.8e/crypto/engine/eng_list.c
37     --- openssl-fips-0.9.8e/crypto/engine/eng_list.c.secure-getenv 2005-08-06 12:34:35.000000000 +0200
38     +++ openssl-fips-0.9.8e/crypto/engine/eng_list.c 2013-02-25 11:08:07.158779477 +0100
39     @@ -398,9 +398,9 @@ ENGINE *ENGINE_by_id(const char *id)
40     if (strcmp(id, "dynamic"))
41     {
42     #ifdef OPENSSL_SYS_VMS
43     - if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
44     + if(OPENSSL_issetugid() || (load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
45     #else
46     - if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
47     + if((load_dir = __secure_getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
48     #endif
49     iterator = ENGINE_by_id("dynamic");
50     if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
51     diff -up openssl-fips-0.9.8e/crypto/o_init.c.secure-getenv openssl-fips-0.9.8e/crypto/o_init.c
52     --- openssl-fips-0.9.8e/crypto/o_init.c.secure-getenv 2013-02-25 11:06:31.267583370 +0100
53     +++ openssl-fips-0.9.8e/crypto/o_init.c 2013-02-25 11:08:07.160779483 +0100
54     @@ -77,7 +77,7 @@ static void init_fips_mode(void)
55     char buf[2] = "0";
56     int fd;
57    
58     - if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
59     + if (__secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
60     {
61     buf[0] = '1';
62     }
63     diff -up openssl-fips-0.9.8e/crypto/rand/randfile.c.secure-getenv openssl-fips-0.9.8e/crypto/rand/randfile.c
64     --- openssl-fips-0.9.8e/crypto/rand/randfile.c.secure-getenv 2007-03-02 18:44:55.000000000 +0100
65     +++ openssl-fips-0.9.8e/crypto/rand/randfile.c 2013-02-25 11:08:07.161779486 +0100
66     @@ -231,8 +231,7 @@ const char *RAND_file_name(char *buf, si
67     struct stat sb;
68     #endif
69    
70     - if (OPENSSL_issetugid() == 0)
71     - s=getenv("RANDFILE");
72     + s=__secure_getenv("RANDFILE");
73     if (s != NULL && *s && strlen(s) + 1 < size)
74     {
75     if (BUF_strlcpy(buf,s,size) >= size)
76     @@ -240,8 +239,7 @@ const char *RAND_file_name(char *buf, si
77     }
78     else
79     {
80     - if (OPENSSL_issetugid() == 0)
81     - s=getenv("HOME");
82     + s=__secure_getenv("HOME");
83     #ifdef DEFAULT_HOME
84     if (s == NULL)
85     {
86     diff -up openssl-fips-0.9.8e/crypto/x509/by_dir.c.secure-getenv openssl-fips-0.9.8e/crypto/x509/by_dir.c
87     --- openssl-fips-0.9.8e/crypto/x509/by_dir.c.secure-getenv 2007-02-18 18:23:20.000000000 +0100
88     +++ openssl-fips-0.9.8e/crypto/x509/by_dir.c 2013-02-25 11:30:43.748730065 +0100
89     @@ -123,7 +123,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in
90     case X509_L_ADD_DIR:
91     if (argl == X509_FILETYPE_DEFAULT)
92     {
93     - dir=(char *)Getenv(X509_get_default_cert_dir_env());
94     + dir=(char *)__secure_getenv(X509_get_default_cert_dir_env());
95     if (dir)
96     ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
97     else
98     diff -up openssl-fips-0.9.8e/crypto/x509/by_file.c.secure-getenv openssl-fips-0.9.8e/crypto/x509/by_file.c
99     --- openssl-fips-0.9.8e/crypto/x509/by_file.c.secure-getenv 2013-02-25 11:06:31.000000000 +0100
100     +++ openssl-fips-0.9.8e/crypto/x509/by_file.c 2013-02-25 11:31:03.429770740 +0100
101     @@ -100,7 +100,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx
102     case X509_L_FILE_LOAD:
103     if (argl == X509_FILETYPE_DEFAULT)
104     {
105     - file = (char *)Getenv(X509_get_default_cert_file_env());
106     + file = (char *)__secure_getenv(X509_get_default_cert_file_env());
107     if (file)
108     ok = (X509_load_cert_crl_file(ctx,file,
109     X509_FILETYPE_PEM) != 0);
110     diff -up openssl-fips-0.9.8e/crypto/x509/x509_vfy.c.secure-getenv openssl-fips-0.9.8e/crypto/x509/x509_vfy.c
111     --- openssl-fips-0.9.8e/crypto/x509/x509_vfy.c.secure-getenv 2013-02-25 11:06:31.000000000 +0100
112     +++ openssl-fips-0.9.8e/crypto/x509/x509_vfy.c 2013-02-25 11:11:48.476243592 +0100
113     @@ -414,7 +414,7 @@ static int check_chain_extensions(X509_S
114    
115     /* A hack to keep people who don't want to modify their software
116     happy */
117     - if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
118     + if (__secure_getenv("OPENSSL_ALLOW_PROXY_CERTS"))
119     allow_proxy_certs = 1;
120    
121     /* Check all untrusted certificates */

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed