From 1ac73728e4fb9188de899a35eb12fe3adad86b1d Mon Sep 17 00:00:00 2001
From: Theo de Raadt <deraadt@cvs.openbsd.org>
Date: Mon, 26 Aug 1996 00:17:29 +0000
Subject: use issetugid() to protect against bad getenv

---
 lib/libedit/el.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib/libedit/el.c')

diff --git a/lib/libedit/el.c b/lib/libedit/el.c
index 7314477a69a..6a71eb82b05 100644
--- a/lib/libedit/el.c
+++ b/lib/libedit/el.c
@@ -77,7 +77,7 @@ el_init(prog, fin, fout)
     el->el_prog = strdup(prog);
 
 #ifdef DEBUG
-    if ((tty = getenv("DEBUGTTY")) != NULL) {
+    if (issetugid() == 0 && (tty = getenv("DEBUGTTY")) != NULL) {
 	el->el_errfile = fopen(tty, "w");
 	if (el->el_errfile == NULL) {
 		extern errno;
@@ -291,7 +291,7 @@ el_source(el, fname)
     if (fname == NULL) {
 	fname = &elpath[1];
 	if ((fp = fopen(fname, "r")) == NULL) {
-	    if ((ptr = getenv("HOME")) == NULL) 
+	    if (issetugid() != 0 || (ptr = getenv("HOME")) == NULL) 
 		return -1;
 	    fname = strncpy(path, ptr, MAXPATHLEN);
 	    (void) strncat(path, elpath, MAXPATHLEN);
-- 
cgit v1.2.3