http proxy handling: Use ossl_safe_getenv() instead of getenv()

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20810)

diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c
index 42ea6bc8136d098ddcf041a902fe4aeace9d15f0..823325281218be9fe2aeb07033c773cb650992a4 100644 (file)
--- a/crypto/http/http_lib.c
+++ b/crypto/http/http_lib.c
@@ -253,9 +253,9 @@ static int use_proxy(const char *no_proxy, const char *server)
      * compatible with other HTTP client implementations like wget, curl and git
      */
     if (no_proxy == NULL)
-        no_proxy = getenv("no_proxy");
+        no_proxy = ossl_safe_getenv("no_proxy");
     if (no_proxy == NULL)
-        no_proxy = getenv(OPENSSL_NO_PROXY);
+        no_proxy = ossl_safe_getenv(OPENSSL_NO_PROXY);
 
     if (no_proxy != NULL)
         found = strstr(no_proxy, server);
@@ -275,10 +275,9 @@ const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
      * compatible with other HTTP client implementations like wget, curl and git
      */
     if (proxy == NULL)
-        proxy = getenv(use_ssl ? "https_proxy" : "http_proxy");
+        proxy = ossl_safe_getenv(use_ssl ? "https_proxy" : "http_proxy");
     if (proxy == NULL)
-        proxy = getenv(use_ssl ? OPENSSL_HTTP_PROXY :
-                       OPENSSL_HTTPS_PROXY);
+        proxy = ossl_safe_getenv(use_ssl ? OPENSSL_HTTP_PROXY : OPENSSL_HTTPS_PROXY);
 
     if (proxy == NULL || *proxy == '\0' || !use_proxy(no_proxy, server))
         return NULL;