[crypto-utils] Resolves: rhbz#862430 - CVE-2012-3504 - insecure temporary file usage in genkey
Elio Maldonado
emaldonado at fedoraproject.org
Sat Feb 23 19:10:02 UTC 2013
commit dd95a2c5bcb91af1d065136121ba5aefbfc9f0ca
Author: Elio Maldonado <emaldona at redhat.com>
Date: Sat Feb 23 11:09:12 2013 -0800
Resolves: rhbz#862430 - CVE-2012-3504 - insecure temporary file usage in genkey
crypto-utils.spec | 5 ++++-
genkey.pl | 9 +++++----
2 files changed, 9 insertions(+), 5 deletions(-)
---
diff --git a/crypto-utils.spec b/crypto-utils.spec
index 21ddc21..6d6d0e6 100644
--- a/crypto-utils.spec
+++ b/crypto-utils.spec
@@ -4,7 +4,7 @@
Summary: SSL certificate and key management utilities
Name: crypto-utils
Version: 2.4.1
-Release: 38%{?dist}
+Release: 39%{?dist}
Group: Applications/System
License: MIT and GPLv2+ and MPLv1.0
@@ -127,6 +127,9 @@ chmod -R u+w $RPM_BUILD_ROOT
%{perl_vendorarch}/auto/Crypt
%changelog
+* Sat Feb 23 2013 Elio Maldonado <emaldona at redhat.com> - 2.4.1-39
+- Resolves: rhbz#862430 - CVE-2012-3504 - insecure temporary file usage in genkey
+
* Thu Feb 07 2013 Jon Ciesla <limburgher at gmail.com> - 2.4.1-38
- Merge review fixes, BZ 225666.
diff --git a/genkey.pl b/genkey.pl
index 4697ac6..195c096 100644
--- a/genkey.pl
+++ b/genkey.pl
@@ -43,6 +43,7 @@ $cadir = "$ssltop/CA";
use Crypt::Makerand;
use Newt;
use Getopt::Long;
+use File::Temp qw/ tempfile /;
sub InitRoot
{
@@ -361,7 +362,7 @@ sub nssconfigFound {
if (!$nssconf || !(-f $nssconf)) {
# do an rpm query
my $cmd = 'rpm -ql mod_nss';
- my $tmplist = "list";
+ ($fh, $tmplist) = tempfile("list.XXXXXX");
system("$cmd > $tmplist");
$nssconf = `grep nss.conf $tmplist`;
unlink($tmplist);
@@ -374,7 +375,7 @@ sub getModNSSDatabase {
# Extract the value from the mod_nss configuration file.
my $cmd ='/usr/bin/gawk \'/^NSSCertificateDatabase/ { print $2 }\'' . " $nssconf";
- my $dbfile = "dbdirectory";
+ ($fh, $dbfile) = tempfile("dbdirectory.XXXXXX");
system("$cmd > $dbfile");
open(DIR, "<$dbfile");
my $dbdir = '';
@@ -390,7 +391,7 @@ sub getNSSNickname {
# Extract the value from the mod_nss configuration file.
my $cmd ='/usr/bin/gawk \'/^NSSNickname/ { print $2 }\'' . " $nssconf";
- my $nicknamefile = "nssnickname";
+ ($fh, $nicknamefile) = tempfile("nssnickname.XXXXXX");
system("$cmd > $nicknamefile");
open(NICK, "<$nicknamefile");
my $nickname = '';
@@ -404,7 +405,7 @@ sub getNSSDBPrefix {
# Extract the value from the mod_nss configuration file.
my $cmd ='/usr/bin/gawk \'/^NSSDBPrefix/ { print $2 }\'' . " $nssconf";
- my $prefixfile = "dbprefix";
+ ($fh, $prefixfile) = tempfile("dbprefix.XXXXXX");
system("$cmd > $prefixfile");
open(PREFIX, "<$prefixfile");
my $prefix = '';
More information about the scm-commits
mailing list