diff options
Diffstat (limited to 'net-libs/xrootd/files/xrootd-4.12.4-http_secret_leakage.patch')
-rw-r--r-- | net-libs/xrootd/files/xrootd-4.12.4-http_secret_leakage.patch | 41 |
1 files changed, 0 insertions, 41 deletions
diff --git a/net-libs/xrootd/files/xrootd-4.12.4-http_secret_leakage.patch b/net-libs/xrootd/files/xrootd-4.12.4-http_secret_leakage.patch deleted file mode 100644 index 953c6aa3b2bc..000000000000 --- a/net-libs/xrootd/files/xrootd-4.12.4-http_secret_leakage.patch +++ /dev/null @@ -1,41 +0,0 @@ -Backported from 5.0.2. Not quite sure if xrootd-4 is actually vulnerable -to this - but just in case. - -From fff97c2dc6703dc1ba8b28b1bf67eeb278ff3e22 Mon Sep 17 00:00:00 2001 -From: Andrew Hanushevsky <abh@stanford.edu> -Date: Wed, 2 Sep 2020 23:13:52 -0700 -Subject: [PATCH] [HTTP] Prevent secret key leakage if specified in the config - file. - ---- - src/XrdHttp/XrdHttpProtocol.cc | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/XrdHttp/XrdHttpProtocol.cc b/src/XrdHttp/XrdHttpProtocol.cc -index 66b89df20ed..5f50f2aeadd 100644 ---- a/src/XrdHttp/XrdHttpProtocol.cc -+++ b/src/XrdHttp/XrdHttpProtocol.cc -@@ -1986,6 +1986,7 @@ int XrdHttpProtocol::xsslcafile(XrdOucStream & Config) { - - int XrdHttpProtocol::xsecretkey(XrdOucStream & Config) { - char *val; -+ bool inFile = false; - - // Get the path - // -@@ -2001,6 +2002,7 @@ int XrdHttpProtocol::xsecretkey(XrdOucStream & Config) { - // otherwise, the token itself is the secretkey - if (val[0] == '/') { - struct stat st; -+ inFile = true; - if ( stat(val, &st) ) { - eDest.Emsg("Config", errno, "stat shared secret key file", val); - return 1; -@@ -2059,6 +2061,7 @@ int XrdHttpProtocol::xsecretkey(XrdOucStream & Config) { - // Record the path - if (secretkey) free(secretkey); - secretkey = strdup(val); -+ if (!inFile) Config.noEcho(); - - return 0; - } |