From f4540c1b14cb6928daffc53f0db332cd741fe91d Mon Sep 17 00:00:00 2001
From: Neil Horman <nhorman@openssl.org>
Date: Fri, 7 Jun 2024 13:26:57 -0400
Subject: [PATCH] dont fall back to build time defaults on windows

to prevent security issues, don't fall back to build time default
locations, instead return the string "UNDEFINED"

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
---
 crypto/defaults.c | 40 +++++++++++++++++++---------------------
 1 file changed, 19 insertions(+), 21 deletions(-)

diff --git a/crypto/defaults.c b/crypto/defaults.c
index 792029eab4..e882d35c1f 100644
--- a/crypto/defaults.c
+++ b/crypto/defaults.c
@@ -102,23 +102,9 @@ static CRYPTO_ONCE defaults_setup_init = CRYPTO_ONCE_STATIC_INIT;
  */
 DEFINE_RUN_ONCE_STATIC(do_defaults_setup)
 {
-    char *tmp;
-    tmp = get_windows_regdirs(openssldir, TEXT("OPENSSLDIR"));
-# ifdef OPENSSLDIR
-    if (tmp == NULL)
-        strncpy(openssldir, OPENSSLDIR, MAX_PATH);
-# endif
-    tmp = get_windows_regdirs(enginesdir, TEXT("ENGINESDIR"));
-# ifdef ENGINESDIR
-    if (tmp == NULL)
-        strncpy(enginesdir, ENGINESDIR, MAX_PATH);
-# endif
-    tmp = get_windows_regdirs(modulesdir, TEXT("MODULESDIR"));
-# ifdef MODULESDIR
-    if (tmp == NULL)
-        strncpy(modulesdir, MODULESDIR, MAX_PATH);
-# endif
-        
+    get_windows_regdirs(openssldir, TEXT("OPENSSLDIR"));
+    get_windows_regdirs(enginesdir, TEXT("ENGINESDIR"));
+    get_windows_regdirs(modulesdir, TEXT("MODULESDIR"));
     return 1;
 }
 #endif
@@ -130,10 +116,14 @@ DEFINE_RUN_ONCE_STATIC(do_defaults_setup)
  */
 const char *ossl_get_openssldir(void)
 {
-#if defined(_WIN32) && defined(WININSTALLCONTEXT)
+#if defined(_WIN32)
+# if defined(WININSTALLCONTEXT)
     if (!RUN_ONCE(&defaults_setup_init, do_defaults_setup))
         return NULL;
     return (const char *)openssldir;
+# else
+    return "UNDEFINED";
+# endif
 #else
 # ifdef OPENSSLDIR
     return OPENSSLDIR;
@@ -150,10 +140,14 @@ const char *ossl_get_openssldir(void)
  */
 const char *ossl_get_enginesdir(void)
 {
-#if defined(_WIN32) && defined(WININSTALLCONTEXT)
+#if defined(_WIN32)
+# if defined(WININSTALLCONTEXT)
     if (!RUN_ONCE(&defaults_setup_init, do_defaults_setup))
         return NULL;
     return (const char *)enginesdir;
+# else
+    return "UNDEFINED";
+# endif
 #else
 # ifdef OPENSSLDIR
     return ENGINESDIR;
@@ -170,12 +164,16 @@ const char *ossl_get_enginesdir(void)
  */
 const char *ossl_get_modulesdir(void)
 {
-#if defined(_WIN32) && defined(WININSTALLCONTEXT)
+#if defined(_WIN32)
+# if definied (WININSTALLCONTEXT)
     if (!RUN_ONCE(&defaults_setup_init, do_defaults_setup))
         return NULL;
     return (const char *)modulesdir;
+# else
+    return "UNDEFINED";
+# endif
 #else
-# ifdef OPENSSLDIR
+# ifdef MODULESDIR
     return MODULESDIR;
 # else
     return "";