Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 137516 Details for
Bug 174759
ssl-cert.eclass docert function usage in src_install can expose SSL keys (CVE-2008-1383)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Proposed patch for docert()
ssl-cert.eclass.diff (text/plain), 1.70 KB, created by
Ulrich Müller
on 2007-12-01 23:50:08 UTC
(
hide
)
Description:
Proposed patch for docert()
Filename:
MIME Type:
Creator:
Ulrich Müller
Created:
2007-12-01 23:50:08 UTC
Size:
1.70 KB
patch
obsolete
>--- ssl-cert.eclass~ 2007-12-02 00:33:18.000000000 +0100 >+++ ssl-cert.eclass 2007-12-02 00:37:49.000000000 +0100 >@@ -148,6 +148,12 @@ > return 1; > fi > >+ case ${EBUILD_PHASE} in >+ unpack|compile|test|install) >+ eerror "docert cannot be called in ${EBUILD_PHASE}" >+ return 1 ;; >+ esac >+ > # Initialize configuration > gen_cnf || return 1 > echo >@@ -160,17 +166,16 @@ > > local count=0 > for cert in "$@" ; do >- # Sanitize and check the requested certificate >- cert="`/usr/bin/basename "${cert}"`" >- if [ -z "${cert}" ] ; then >+ # Check the requested certificate >+ if [ -z "${cert##*/}" ] ; then > ewarn "Invalid certification requested, skipping" > continue > fi > > # Check for previous existence of generated files > for type in key crt pem ; do >- if [ -e "${D}${INSDESTTREE}/${cert}.${type}" ] ; then >- ewarn "${D}${INSDESTTREE}/${cert}.${type}: exists, skipping" >+ if [ -e "${ROOT}${cert}.${type}" ] ; then >+ ewarn "${ROOT}${cert}.${type}: exists, skipping" > continue 2 > fi > done >@@ -184,14 +189,11 @@ > > # Install the generated files and set sane permissions > local base=`get_base` >- newins "${base}.key" "${cert}.key" >- fperms 0400 "${INSDESTTREE}/${cert}.key" >- newins "${base}.csr" "${cert}.csr" >- fperms 0444 "${INSDESTTREE}/${cert}.csr" >- newins "${base}.crt" "${cert}.crt" >- fperms 0444 "${INSDESTTREE}/${cert}.crt" >- newins "${base}.pem" "${cert}.pem" >- fperms 0400 "${INSDESTTREE}/${cert}.pem" >+ install -d "${ROOT}${cert%/*}" >+ install -m0400 "${base}.key" "${ROOT}${cert}.key" >+ install -m0444 "${base}.csr" "${ROOT}${cert}.csr" >+ install -m0444 "${base}.crt" "${ROOT}${cert}.crt" >+ install -m0400 "${base}.pem" "${ROOT}${cert}.pem" > count=$((${count}+1)) > done >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 174759
: 137516