Fix race condition when creating/rotating keys
Resolves: rhbz#2182410 Resolves: CVE-2023-1672 Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
This commit is contained in:
Sergio Arroutbi
parent
21c59292b5
commit
2c45aeb9a3
31
0003-Fix-permissions-race-condition.patch
Normal file
31
0003-Fix-permissions-race-condition.patch
Normal file
@ -0,0 +1,31 @@
|
||||
--- tang-7.ori/src/tangd-keygen 2017-06-10 15:29:39.000000000 +0200
|
||||
+++ tang-7/src/tangd-keygen 2023-06-28 11:40:01.700819479 +0200
|
||||
@@ -27,6 +27,8 @@
|
||||
|
||||
[ $# -eq 3 ] && sig=$2 && exc=$3
|
||||
|
||||
+# Set default umask for file creation.
|
||||
+umask 0337
|
||||
jwe=`jose jwk gen -i '{"alg":"ES512"}'`
|
||||
[ -z "$sig" ] && sig=`echo "$jwe" | jose jwk thp -i-`
|
||||
echo "$jwe" > $1/$sig.jwk
|
||||
--- tang-7.ori/src/keys.c 2023-06-28 09:57:08.706712410 +0200
|
||||
+++ tang-7/src/keys.c 2023-06-28 11:43:41.742247417 +0200
|
||||
@@ -23,6 +23,7 @@
|
||||
#include <jose/io.h>
|
||||
#include <jansson.h>
|
||||
#include <string.h>
|
||||
+#include <sys/stat.h>
|
||||
|
||||
#include "util.h"
|
||||
#include "keys.h"
|
||||
@@ -557,6 +558,9 @@
|
||||
/* At this point, there are no keys, so let's create them. */
|
||||
const char *alg[] = {"ES512", "ECMR", NULL};
|
||||
char path[PATH_MAX];
|
||||
+
|
||||
+ /* Set default umask for file creation. */
|
||||
+ umask(0337);
|
||||
for (int i = 0; alg[i] != NULL; i++) {
|
||||
struct tang_jwk *jwk __attribute__((cleanup(cleanup_tang_jwk))) = generate_new_tang_jwk(alg[i]);
|
||||
if (!jwk) {
|
||||
@ -1,6 +1,6 @@
|
||||
Name: tang
|
||||
Version: 7
|
||||
Release: 6%{?dist}
|
||||
Release: 7%{?dist}
|
||||
Summary: Network Presence Binding Daemon
|
||||
|
||||
License: GPLv3+
|
||||
@ -8,6 +8,7 @@ URL: https://github.com/latchset/%{name}
|
||||
Source0: https://github.com/latchset/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.bz2
|
||||
Patch1: 0001-Move-key-generation-to-tang.patch
|
||||
Patch2: 0002-Exit-with-success-unless-the-issue-was-with-with-tan.patch
|
||||
Patch3: 0003-Fix-permissions-race-condition.patch
|
||||
|
||||
BuildRequires: gcc
|
||||
BuildRequires: autoconf
|
||||
@ -89,6 +90,11 @@ exit 0
|
||||
%{_mandir}/man1/tang-show-keys.1*
|
||||
|
||||
%changelog
|
||||
* Wed Jun 28 2023 Sergio Arroutbi <sarroutb@redhat.com> - 7-7
|
||||
- Fix race condition when creating/rotating keys
|
||||
Resolves: rhbz#2182410
|
||||
Resolves: CVE-2023-1672
|
||||
|
||||
* Wed Jan 13 2021 Sergio Correia <scorreia@redhat.com> - 7-6
|
||||
- Exit with success unless the issue was with with tangd itself
|
||||
Resolves: rhbz#1828558
|
||||
|
||||
Loading…
Reference in New Issue
Block a user