Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
V
vlc-1.1
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Redmine
Redmine
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Metrics
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
videolan
vlc-1.1
Commits
8a474a2a
Commit
8a474a2a
authored
Mar 04, 2006
by
Rémi Denis-Courmont
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
(safe) directory recursion when looking for CA certificates
parent
57ab1681
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
44 additions
and
34 deletions
+44
-34
modules/misc/gnutls.c
modules/misc/gnutls.c
+44
-34
No files found.
modules/misc/gnutls.c
View file @
8a474a2a
...
...
@@ -411,24 +411,11 @@ gnutls_ClientDelete( tls_session_t *p_session )
gnutls_certificate_free_credentials
(
x509_cred
);
}
inline
int
is_regular
(
const
char
*
psz_filename
)
{
#ifdef HAVE_SYS_STAT_H
struct
stat
st
;
return
(
utf8_stat
(
psz_filename
,
&
st
)
==
0
)
&&
S_ISREG
(
st
.
st_mode
);
#else
return
1
;
#endif
}
static
int
gnutls_Addx509Directory
(
vlc_object_t
*
p_this
,
gnutls_certificate_credentials
cred
,
const
char
*
psz_dirname
,
vlc_bool_t
private
)
vlc_bool_t
b_priv
)
{
DIR
*
dir
;
const
char
*
psz_dirent
;
...
...
@@ -443,39 +430,62 @@ gnutls_Addx509Directory( vlc_object_t *p_this,
strerror
(
errno
)
);
return
VLC_EGENERIC
;
}
#ifdef S_ISLNK
else
{
struct
stat
st1
,
st2
;
int
fd
=
dirfd
(
dir
);
/*
* Gets stats for the directory path, checks that it is not a
* symbolic link (to avoid possibly infinite recursion), and verifies
* that the inode is still the same, to avoid TOCTOU race condition.
*/
if
(
fstat
(
fd
,
&
st1
)
||
utf8_lstat
(
psz_dirname
,
&
st2
)
||
S_ISLNK
(
st2
.
st_mode
)
||
(
st1
.
st_ino
!=
st2
.
st_ino
)
)
{
closedir
(
dir
);
return
VLC_EGENERIC
;
}
}
#endif
while
(
(
psz_dirent
=
utf8_readdir
(
dir
)
)
!=
NULL
)
{
struct
stat
st
;
char
*
psz_filename
;
int
check
=
asprintf
(
&
psz_filename
,
"%s/%s"
,
psz_dirname
,
psz_dirent
);
LocaleFree
(
psz_dirent
);
if
(
check
==
-
1
)
{
closedir
(
dir
);
return
VLC_ENOMEM
;
}
continue
;
/* we neglect the race condition here - not security sensitive */
if
(
is_regular
(
psz_filename
)
)
if
(
utf8_stat
(
psz_filename
,
&
st
)
==
0
)
{
if
(
S_ISREG
(
st
.
st_mode
)
)
{
int
i
;
char
*
psz_localname
=
ToLocale
(
psz_filename
);
i
=
(
private
)
?
gnutls_certificate_set_x509_key_file
(
cred
,
psz_localname
,
psz_filename
,
GNUTLS_X509_FMT_PEM
)
:
gnutls_certificate_set_x509_trust_file
(
cred
,
psz_localname
,
GNUTLS_X509_FMT_PEM
);
int
i
=
b_priv
?
gnutls_certificate_set_x509_key_file
(
cred
,
psz_localname
,
psz_localname
,
GNUTLS_X509_FMT_PEM
)
:
gnutls_certificate_set_x509_trust_file
(
cred
,
psz_localname
,
GNUTLS_X509_FMT_PEM
);
LocaleFree
(
psz_localname
);
if
(
i
<
0
)
{
msg_Warn
(
p_this
,
"Cannot add x509 certificate (%s) : %s"
,
psz_filename
,
gnutls_strerror
(
i
)
);
}
}
else
if
(
S_ISDIR
(
st
.
st_mode
)
)
{
msg_Dbg
(
p_this
,
"Looking recursively for x509 certificates in %s"
,
psz_filename
);
gnutls_Addx509Directory
(
p_this
,
cred
,
psz_filename
,
b_priv
);
}
}
free
(
psz_filename
);
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment