packages/swtpm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
swtpm/0002-swtpm_cert-Switch-to-open-from-fopen-for-writing-cer.patch
yezengruan c8073100c7 Addressed potential symlink attack issue (CVE-2020-28407) 
Signed-off-by: yezengruan <yezengruan@huawei.com>
2022-06-30 20:00:30 +08:00

78 lines
2.7 KiB
Diff
Raw Blame History

From ba12415fca1a3891a1386698eab09735a025d7ea Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Sun, 8 Nov 2020 21:40:35 -0500
Subject: [PATCH 2/5] swtpm_cert: Switch to open() from fopen() for writing
certificate
Switch to open from fopen() and make sure we do not follow symlinks.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/swtpm_cert/ek-cert.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/src/swtpm_cert/ek-cert.c b/src/swtpm_cert/ek-cert.c
index 651d60f..0e0b4b1 100644
--- a/src/swtpm_cert/ek-cert.c
+++ b/src/swtpm_cert/ek-cert.c
@@ -51,6 +51,7 @@
#include <unistd.h>
#include <fcntl.h>
#include <getopt.h>
+#include <sys/stat.h>
#include <arpa/inet.h>
@@ -995,7 +996,7 @@ main(int argc, char *argv[])
unsigned long long serial = 1;
time_t now;
int err;
- FILE *cert_file;
+ int cert_file_fd;
const char *subject = NULL;
const char *error = NULL;
int days = 365;
@@ -1675,8 +1676,9 @@ if (_err != GNUTLS_E_SUCCESS) { \
? GNUTLS_X509_FMT_PEM
: GNUTLS_X509_FMT_DER, &out);
if (cert_filename) {
- cert_file = fopen(cert_filename, "wb");
- if (cert_file == NULL) {
+ cert_file_fd = open(cert_filename, O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW,
+ S_IRUSR|S_IWUSR);
+ if (cert_file_fd < 0) {
fprintf(stderr, "Could not open %s for writing the certificate: %s\n",
cert_filename,
strerror(errno));
@@ -1691,22 +1693,22 @@ if (_err != GNUTLS_E_SUCCESS) { \
},
.tag = htobe16(TCG_TAG_PCCLIENT_FULL_CERT),
};
- if (sizeof(hdr) != fwrite(&hdr, 1, sizeof(hdr), cert_file)) {
+ if (sizeof(hdr) != write(cert_file_fd, &hdr, sizeof(hdr))) {
fprintf(stderr, "Could not write certificate header: %s\n",
strerror(errno));
- fclose(cert_file);
+ close(cert_file_fd);
unlink(cert_filename);
goto cleanup;
}
}
- if (out.size != fwrite(out.data, 1, out.size, cert_file)) {
+ if ((ssize_t)out.size != write(cert_file_fd, out.data, out.size)) {
fprintf(stderr, "Could not write certificate into file: %s\n",
strerror(errno));
- fclose(cert_file);
+ close(cert_file_fd);
unlink(cert_filename);
goto cleanup;
}
- fclose(cert_file);
+ close(cert_file_fd);
} else {
fprintf(stdout, "%s\n", out.data);
}
--
2.27.0
Reference in New Issue View Git Blame Copy Permalink