genkey: escape passwords properly (#980859)
- genkey: escape commas in subject (#803305)
- keyutil: fix crashes when printing errors (#1045354)
- drop requirement on mod_ssl/mod_nss again (#1057858)

Resolves: rhbz#1057858
Resolves: rhbz#1045354
Resolves: rhbz#803305
Resolves: rhbz#980859
parent
c9e79dd4a6
commit
3c5bc63a88
|
@ -4,7 +4,7 @@
|
|||
Summary: SSL certificate and key management utilities
|
||||
Name: crypto-utils
|
||||
Version: 2.4.1
|
||||
Release: 46%{?dist}
|
||||
Release: 47%{?dist}
|
||||
Group: Applications/System
|
||||
# certwatch.c is GPLv2
|
||||
# pemutil.c etc are (MPLv1.1+ or GPLv2+ or LPGLv2+)
|
||||
|
@ -31,7 +31,7 @@ Source18: copying
|
|||
|
||||
BuildRequires: nss-devel >= 3.13.1, nss-util-devel >= 3.13.1, pkgconfig, newt-devel, xmlto
|
||||
BuildRequires: perl-devel, perl(Newt), perl(ExtUtils::MakeMaker)
|
||||
Requires: mod_nss, mod_ssl, perl(Newt), nss >= 3.13.1, nss-util >= 3.13.1
|
||||
Requires: perl(Newt), nss >= 3.13.1, nss-util >= 3.13.1
|
||||
Requires: %(eval `perl -V:version`; echo "perl(:MODULE_COMPAT_$version)")
|
||||
Requires: crontabs
|
||||
|
||||
|
@ -53,11 +53,11 @@ pushd srcs
|
|||
cp -p $RPM_SOURCE_DIR/$f $f
|
||||
done
|
||||
|
||||
cc $RPM_OPT_FLAGS -Wall -Werror -I/usr/include/nspr4 -I/usr/include/nss3 \
|
||||
cc $RPM_OPT_FLAGS -Wall -Werror=implicit-function-declaration -Werror -I/usr/include/nspr4 -I/usr/include/nss3 \
|
||||
certwatch.c pemutil.c \
|
||||
-o certwatch -lnspr4 -lnss3
|
||||
|
||||
cc $RPM_OPT_FLAGS -Wall -Werror -I/usr/include/nspr4 -I/usr/include/nss3 \
|
||||
cc $RPM_OPT_FLAGS -Wall -Werror=implicit-function-declaration -Werror -I/usr/include/nspr4 -I/usr/include/nss3 \
|
||||
keyutil.c certext.c secutil.c \
|
||||
-o keyutil -lplc4 -lnspr4 -lnss3
|
||||
|
||||
|
@ -135,6 +135,12 @@ chmod -R u+w $RPM_BUILD_ROOT
|
|||
%{perl_vendorarch}/auto/Crypt
|
||||
|
||||
%changelog
|
||||
* Mon Jan 27 2014 Joe Orton <jorton@redhat.com> - 2.4.1-47
|
||||
- genkey: escape passwords properly (#980859)
|
||||
- genkey: escape commas in subject (#803305)
|
||||
- keyutil: fix crashes when printing errors (#1045354)
|
||||
- drop requirement on mod_ssl/mod_nss again (#1057858)
|
||||
|
||||
* Wed Jan 22 2014 Joe Orton <jorton@redhat.com> - 2.4.1-46
|
||||
- genkey: further tweaks to wording around key sizes
|
||||
|
||||
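Review bot: The `-Werror=implicit-function-declaration` added to both `cc` lines looks redundant, because `-Wall -Werror` on the same command line already turns that warning into an error (assuming `$RPM_OPT_FLAGS` carries no `-Wno-error=` for it). If the intent is to keep this one diagnostic fatal even when the blanket `-Werror` is later dropped, a spec comment should say so, for example `# keep implicit declarations fatal even without -Werror`.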
|
|
|
@ -918,7 +918,9 @@ EOT
|
|||
|
||||
return $ret if ($ret eq "Back" or $ret eq "Cancel");
|
||||
|
||||
$keyEncPassword = $pass1;
|
||||
# FIXME: Ugly, should use perl system() correctly.
|
||||
$pass1 =~ s/"/\\\"/g;
|
||||
$keyEncPassword = "\"". $pass1. "\"";
|
||||
|
||||
return "Next";
|
||||
}
|
||||
|
@ -1284,6 +1286,11 @@ sub getCertDetails
|
|||
$cert{'OU'} = $ents{'OU'}->Get();
|
||||
$cert{'CN'} = $ents{'CN'}->Get();
|
||||
|
||||
# Escape commas
|
||||
foreach my $part (keys %cert) {
|
||||
$cert{$part} =~ s/,/\\\\,/g;
|
||||
}
|
||||
|
||||
# Build the subject from the details
|
||||
|
||||
$SEP = ", ";
|
||||
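Review bot: In the password hunk (`@ -918,7 +918,9 @@`) the new escaping covers only `"`, so a backslash, `$` or backtick in `$pass1` is still interpreted by the shell inside the double quotes, and a password ending in `\` leaves the quoting unterminated. If the value has to stay a shell-quoted string, single-quoting is the safer form: `$pass1 =~ s/'/'\\''/g;` followed by `$keyEncPassword = "'" . $pass1 . "'";`. The FIXME already names the real fix, which is calling `system()` with an argument list so that no shell parses the password; the call site is outside this hunk. The comma escaping in the `getCertDetails` hunk appears to depend on the same shell quoting layer and should be revisited together with it.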
|
|
20
keyutil.c
20
keyutil.c
|
@ -270,7 +270,7 @@ static SECStatus nss_Init_Tokens(secuPWData *pwdata)
|
|||
if (SECSuccess != ret) {
|
||||
if (PR_GetError() == SEC_ERROR_BAD_PASSWORD) {
|
||||
SECU_PrintError(progName ? progName : "keyutil",
|
||||
"%s: The password for token '%s' is incorrect\n",
|
||||
"The password for token '%s' is incorrect\n",
|
||||
PK11_GetTokenName(slot));
|
||||
}
|
||||
status = SECFailure;
|
||||
|
@ -337,7 +337,7 @@ static SECStatus loadCert(
|
|||
cert = PK11_FindCertFromNickname((char *)nickname, NULL);
|
||||
if (!cert) {
|
||||
SECU_PrintError(progName ? progName : "keyutil",
|
||||
"%s: Can't find cert named (%s), bailing out\n", nickname);
|
||||
"Can't find cert named (%s), bailing out\n", nickname);
|
||||
rv = 255;
|
||||
break;
|
||||
} else {
|
||||
|
@ -404,7 +404,7 @@ static SECStatus loadKey(
|
|||
rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
|
||||
if (rv != SECSuccess) {
|
||||
SECU_PrintError(progName ? progName : "keyutil",
|
||||
"Can't authenticate\n", PORT_ErrorToString(rv));
|
||||
"Can't authenticate\n");
|
||||
break;
|
||||
}
|
||||
|
||||
|
@ -1484,7 +1484,7 @@ static int keyutil_main(
|
|||
goto shutdown;
|
||||
}
|
||||
|
||||
subject = CERT_AsciiToName((char *)subjectstr);
|
||||
subject = CERT_AsciiToName(subjectstr);
|
||||
if (!subject) {
|
||||
SECU_PrintError(progName,
|
||||
"Improperly formatted name: \"%s\"\n", subjectstr);
|
||||
|
@ -1497,7 +1497,7 @@ static int keyutil_main(
|
|||
outFile = PR_Open(certreqfile, PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE, 00660);
|
||||
if (!outFile) {
|
||||
SECU_PrintError(progName,
|
||||
"%s -o: unable to open \"%s\" for writing (%ld, %ld)\n",
|
||||
"-o: unable to open \"%s\" for writing (%d, %d)\n",
|
||||
certreqfile, PR_GetError(), PR_GetOSError());
|
||||
return 255;
|
||||
}
|
||||
|
@ -1560,7 +1560,7 @@ static int keyutil_main(
|
|||
inFile = PR_Open(certreqfile, PR_RDONLY, 0);
|
||||
assert(inFile);
|
||||
if (!inFile) {
|
||||
SECU_PrintError(progName, "Failed to open file \"%s\" (%ld, %ld) for reading.\n",
|
||||
SECU_PrintError(progName, "Failed to open file \"%s\" (%d, %d) for reading.\n",
|
||||
certreqfile, PR_GetError(), PR_GetOSError());
|
||||
rv = SECFailure;
|
||||
goto shutdown;
|
||||
|
@ -1568,7 +1568,7 @@ static int keyutil_main(
|
|||
|
||||
outFile = PR_Open(certfile, PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE, 00660);
|
||||
if (!outFile) {
|
||||
SECU_PrintError(progName, "Failed to open file \"%s\" (%ld, %ld).\n",
|
||||
SECU_PrintError(progName, "Failed to open file \"%s\" (%d, %d).\n",
|
||||
certfile, PR_GetError(), PR_GetOSError());
|
||||
rv = SECFailure;
|
||||
goto shutdown;
|
||||
|
@ -1588,8 +1588,8 @@ static int keyutil_main(
|
|||
ASCIIForIO,SelfSign,certutil_extns, thecert
|
||||
*/
|
||||
if (rv) {
|
||||
SECU_PrintError(progName, "Failed to create certificate \"%s\" (%ld).\n",
|
||||
outFile, PR_GetError());
|
||||
SECU_PrintError(progName, "Failed to create certificate \"%s\" (%d).\n",
|
||||
certreqfile, PR_GetError());
|
||||
rv = SECFailure;
|
||||
goto shutdown;
|
||||
}
|
||||
|
@ -1681,6 +1681,8 @@ int main(int argc, char **argv)
|
|||
CommandType cmd = cmd_CertReq;
|
||||
PRBool initialized = PR_FALSE;
|
||||
|
||||
progName = argv[0];
|
||||
|
||||
while ((optc = getopt_long(argc, argv, "atc:rs:g:v:e:f:d:z:i:p:o:k:h", options, NULL)) != -1) {
|
||||
switch (optc) {
|
||||
case 'a':
|
||||
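Review bot: In the `@ -1588,8 +1588,8 @@` hunk the "Failed to create certificate" message now prints `certreqfile`, but the preceding hunk opens `outFile` on `certfile`, so the message probably names the input request file rather than the certificate being written. Unless the request file is what is meant, the argument line should read `certfile, PR_GetError());`. The call that sets `rv` ends inside a comment above the hunk, so this is inferred from the visible `PR_Open(certfile, ...)` only.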
|
|
15
secutil.c
15
secutil.c
|
@ -116,15 +116,12 @@ SECU_GetString(int16 error_number)
|
|||
return errString;
|
||||
}
|
||||
|
||||
void
|
||||
SECU_PrintErrMsg(FILE *out, int level, char *progName, char *msg, ...)
|
||||
static void
|
||||
SECU_PrintErrMsg(FILE *out, int level, char *progName, char *msg, va_list args)
|
||||
{
|
||||
va_list args;
|
||||
PRErrorCode err = PORT_GetError();
|
||||
const char * errString = PORT_ErrorToString(err);
|
||||
|
||||
va_start(args, msg);
|
||||
|
||||
SECU_Indent(out, level);
|
||||
fprintf(out, "%s: ", progName);
|
||||
vfprintf(out, msg, args);
|
||||
|
@ -132,13 +129,15 @@ SECU_PrintErrMsg(FILE *out, int level, char *progName, char *msg, ...)
|
|||
fprintf(out, ": %s\n", errString);
|
||||
else
|
||||
fprintf(out, ": error %d\n", (int)err);
|
||||
|
||||
va_end(args);
|
||||
}
|
||||
|
||||
void SECU_PrintError(char *progName, char *msg, ...)
|
||||
{
|
||||
SECU_PrintErrMsg(stderr, 0, progName, msg);
|
||||
va_list args;
|
||||
|
||||
va_start(args, msg);
|
||||
SECU_PrintErrMsg(stderr, 0, progName, msg, args);
|
||||
va_end(args);
|
||||
}
|
||||
|
||||
#define INDENT_MULT 4
|
||||
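Review bot: `SECU_PrintErrMsg` prints the formatted `msg` and then appends `": %s\n"` or `": error %d\n"`, so every caller message on this page that ends in `\n` (for example `"Can't authenticate\n"` in keyutil.c) puts the NSS error text on a separate line beginning with `: `. Either drop the trailing newline from those format strings, e.g. `"Can't authenticate"`, or add a comment on the helper such as `/* msg must not end in a newline; ": <error>\n" is appended */`. The condition that selects between the two `fprintf` calls lies between the hunks and is not visible here.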
|
|
|
@ -89,10 +89,13 @@ extern char *SECU_NoPassword(PK11SlotInfo *slot, PRBool retry, void *arg);
|
|||
extern char *SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg);
|
||||
|
||||
/* print out an error message */
|
||||
extern void SECU_PrintError(char *progName, char *msg, ...);
|
||||
|
||||
extern void SECU_PrintError(char *progName, char *msg, ...)
|
||||
__attribute__((format(printf, 2, 3)));
|
||||
|
||||
/* print out a system error message */
|
||||
extern void SECU_PrintSystemError(char *progName, char *msg, ...);
|
||||
extern void SECU_PrintSystemError(char *progName, char *msg, ...)
|
||||
__attribute__((format(printf, 2, 3)));
|
||||
|
||||
/* Read the contents of a file into a SECItem */
|
||||
extern SECStatus SECU_FileToItem(SECItem *dst, PRFileDesc *src);
|
||||
|
|