gentoo resync : 23.09.2020

1 files changed, 41 insertions, 0 deletions

diff --git a/net-libs/xrootd/files/xrootd-4.12.4-http_secret_leakage.patch b/net-libs/xrootd/files/xrootd-4.12.4-http_secret_leakage.patch
new file mode 100644
index 000000000000..953c6aa3b2bc
--- /dev/null
+++ b/net-libs/xrootd/files/xrootd-4.12.4-http_secret_leakage.patch
@@ -0,0 +1,41 @@
+Backported from 5.0.2. Not quite sure if xrootd-4 is actually vulnerable
+to this - but just in case.
+
+From fff97c2dc6703dc1ba8b28b1bf67eeb278ff3e22 Mon Sep 17 00:00:00 2001
+From: Andrew Hanushevsky <abh@stanford.edu>
+Date: Wed, 2 Sep 2020 23:13:52 -0700
+Subject: [PATCH] [HTTP] Prevent secret key leakage if specified in the config
+ file.
+
+---
+ src/XrdHttp/XrdHttpProtocol.cc | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/XrdHttp/XrdHttpProtocol.cc b/src/XrdHttp/XrdHttpProtocol.cc
+index 66b89df20ed..5f50f2aeadd 100644
+--- a/src/XrdHttp/XrdHttpProtocol.cc
++++ b/src/XrdHttp/XrdHttpProtocol.cc
+@@ -1986,6 +1986,7 @@ int XrdHttpProtocol::xsslcafile(XrdOucStream & Config) {
+ 
+ int XrdHttpProtocol::xsecretkey(XrdOucStream & Config) {
+   char *val;
++  bool inFile = false;
+ 
+   // Get the path
+   //
+@@ -2001,6 +2002,7 @@ int XrdHttpProtocol::xsecretkey(XrdOucStream & Config) {
+   // otherwise, the token itself is the secretkey
+   if (val[0] == '/') {
+     struct stat st;
++    inFile = true;
+     if ( stat(val, &st) ) {
+       eDest.Emsg("Config", errno, "stat shared secret key file", val);
+       return 1;
+@@ -2059,6 +2061,7 @@ int XrdHttpProtocol::xsecretkey(XrdOucStream & Config) {
+   // Record the path
+   if (secretkey) free(secretkey);
+   secretkey = strdup(val);
++  if (!inFile) Config.noEcho();
+ 
+   return 0;
+ }