author | V3n3RiX <venerix@redcorelinux.org> | 2020-09-23 10:22:15 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2020-09-23 10:22:15 +0100 |
commit | 8b4ace9c50842c5b83401ea7b179dcab940387e1 (patch) | |
tree | 230f3135ceaace633cf93e9838b185c4a6664c2e /net-libs/xrootd/files | |
parent | 9ee6d97c2883d42f204a533a8bc1f4562df778fb (diff) |
gentoo resync : 23.09.2020
Diffstat (limited to 'net-libs/xrootd/files')
-rw-r--r-- | net-libs/xrootd/files/xrootd-4.12.4-http_secret_leakage.patch | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/net-libs/xrootd/files/xrootd-4.12.4-http_secret_leakage.patch b/net-libs/xrootd/files/xrootd-4.12.4-http_secret_leakage.patch
new file mode 100644
index 000000000000..953c6aa3b2bc
--- /dev/null
+++ b/net-libs/xrootd/files/xrootd-4.12.4-http_secret_leakage.patch
@@ -0,0 +1,41 @@
+Backported from 5.0.2. Not quite sure if xrootd-4 is actually vulnerable
+to this - but just in case.
+
+From fff97c2dc6703dc1ba8b28b1bf67eeb278ff3e22 Mon Sep 17 00:00:00 2001
+From: Andrew Hanushevsky <abh@stanford.edu>
+Date: Wed, 2 Sep 2020 23:13:52 -0700
+Subject: [PATCH] [HTTP] Prevent secret key leakage if specified in the config
+ file.
+
+---
+ src/XrdHttp/XrdHttpProtocol.cc | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/XrdHttp/XrdHttpProtocol.cc b/src/XrdHttp/XrdHttpProtocol.cc
+index 66b89df20ed..5f50f2aeadd 100644
+--- a/src/XrdHttp/XrdHttpProtocol.cc
++++ b/src/XrdHttp/XrdHttpProtocol.cc
+@@ -1986,6 +1986,7 @@ int XrdHttpProtocol::xsslcafile(XrdOucStream & Config) {
+
+ int XrdHttpProtocol::xsecretkey(XrdOucStream & Config) {
+ char *val;
++ bool inFile = false;
+
+ // Get the path
+ //
+@@ -2001,6 +2002,7 @@ int XrdHttpProtocol::xsecretkey(XrdOucStream & Config) {
+ // otherwise, the token itself is the secretkey
+ if (val[0] == '/') {
+ struct stat st;
++ inFile = true;
+ if ( stat(val, &st) ) {
+ eDest.Emsg("Config", errno, "stat shared secret key file", val);
+ return 1;
+@@ -2059,6 +2061,7 @@ int XrdHttpProtocol::xsecretkey(XrdOucStream & Config) {
+ // Record the path
+ if (secretkey) free(secretkey);
+ secretkey = strdup(val);
++ if (!inFile) Config.noEcho();
+
+ return 0;
+ } |
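Review bot: The new `Config.noEcho()` call in the last inner hunk is reached only on the success path of the inline-key branch, and nothing in the patch says why it sits after `strdup(val)` or what it relies on. A short comment there would help, e.g. `// Inline key: the directive line holds the secret, so suppress its echo into the log`. Any token starting with `/` is still treated as a path, so a key that happens to begin with `/` falls into the stat branch, where `eDest.Emsg(..., val)` writes it to the log and `return 1` skips `noEcho()`; documenting that inline keys must not start with `/` would cover this. The patch header is itself unsure whether 4.12.4 is affected, so it is worth confirming that this version's `XrdOucStream` provides `noEcho()` and that the directive no longer appears in the startup log. The body of `xsecretkey` between the hunks is not visible here.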