rpms/crypto-utils
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Resolves: rhbz#862430 - CVE-2012-3504 - insecure temporary file usage in genkey

Browse Source
This commit is contained in:
Elio Maldonado 2013-02-23 11:09:12 -08:00
parent 8d6f3c4dae
commit dd95a2c5bc
2 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
crypto-utils.spec
View File

@ -4,7 +4,7 @@
Summary: SSL certificate and key management utilities Summary: SSL certificate and key management utilities
Name: crypto-utils Name: crypto-utils
Version: 2.4.1 Version: 2.4.1
Release: 38%{?dist} Release: 39%{?dist}
Group: Applications/System Group: Applications/System
License: MIT and GPLv2+ and MPLv1.0 License: MIT and GPLv2+ and MPLv1.0
@ -127,6 +127,9 @@ chmod -R u+w $RPM_BUILD_ROOT
%{perl_vendorarch}/auto/Crypt %{perl_vendorarch}/auto/Crypt
%changelog %changelog
* Sat Feb 23 2013 Elio Maldonado <emaldona@redhat.com> - 2.4.1-39
- Resolves: rhbz#862430 - CVE-2012-3504 - insecure temporary file usage in genkey
* Thu Feb 07 2013 Jon Ciesla <limburgher@gmail.com> - 2.4.1-38 * Thu Feb 07 2013 Jon Ciesla <limburgher@gmail.com> - 2.4.1-38
- Merge review fixes, BZ 225666. - Merge review fixes, BZ 225666.

9
genkey.pl
View File

@ -43,6 +43,7 @@ $cadir = "$ssltop/CA";
use Crypt::Makerand; use Crypt::Makerand;
use Newt; use Newt;
use Getopt::Long; use Getopt::Long;
use File::Temp qw/ tempfile /;
sub InitRoot sub InitRoot
{ {
@ -361,7 +362,7 @@ sub nssconfigFound {
if (!$nssconf || !(-f $nssconf)) { if (!$nssconf || !(-f $nssconf)) {
# do an rpm query # do an rpm query
my $cmd = 'rpm -ql mod_nss'; my $cmd = 'rpm -ql mod_nss';
my $tmplist = "list"; ($fh, $tmplist) = tempfile("list.XXXXXX");
system("$cmd > $tmplist"); system("$cmd > $tmplist");
$nssconf = `grep nss.conf $tmplist`; $nssconf = `grep nss.conf $tmplist`;
unlink($tmplist); unlink($tmplist);
@ -374,7 +375,7 @@ sub getModNSSDatabase {
# Extract the value from the mod_nss configuration file. # Extract the value from the mod_nss configuration file.
my $cmd ='/usr/bin/gawk \'/^NSSCertificateDatabase/ { print $2 }\'' . " $nssconf"; my $cmd ='/usr/bin/gawk \'/^NSSCertificateDatabase/ { print $2 }\'' . " $nssconf";
my $dbfile = "dbdirectory"; ($fh, $dbfile) = tempfile("dbdirectory.XXXXXX");
system("$cmd > $dbfile"); system("$cmd > $dbfile");
open(DIR, "<$dbfile"); open(DIR, "<$dbfile");
my $dbdir = ''; my $dbdir = '';
@ -390,7 +391,7 @@ sub getNSSNickname {
# Extract the value from the mod_nss configuration file. # Extract the value from the mod_nss configuration file.
my $cmd ='/usr/bin/gawk \'/^NSSNickname/ { print $2 }\'' . " $nssconf"; my $cmd ='/usr/bin/gawk \'/^NSSNickname/ { print $2 }\'' . " $nssconf";
my $nicknamefile = "nssnickname"; ($fh, $nicknamefile) = tempfile("nssnickname.XXXXXX");
system("$cmd > $nicknamefile"); system("$cmd > $nicknamefile");
open(NICK, "<$nicknamefile"); open(NICK, "<$nicknamefile");
my $nickname = ''; my $nickname = '';
@ -404,7 +405,7 @@ sub getNSSDBPrefix {
# Extract the value from the mod_nss configuration file. # Extract the value from the mod_nss configuration file.
my $cmd ='/usr/bin/gawk \'/^NSSDBPrefix/ { print $2 }\'' . " $nssconf"; my $cmd ='/usr/bin/gawk \'/^NSSDBPrefix/ { print $2 }\'' . " $nssconf";
my $prefixfile = "dbprefix"; ($fh, $prefixfile) = tempfile("dbprefix.XXXXXX");
system("$cmd > $prefixfile"); system("$cmd > $prefixfile");
open(PREFIX, "<$prefixfile"); open(PREFIX, "<$prefixfile");
my $prefix = ''; my $prefix = '';