authorBenny Baumann <BenBE@geshi.org>2014-04-19 00:45:45 +0200
committerBenny Baumann <BenBE@geshi.org>2014-04-19 00:45:45 +0200
commit1ea66e9941de9ba571534a172a5f3810083b41e3 (patch)
treee286883ce9b0f9e37055a714220f19bd9afdf48a
parentec1b6811761f7064c09f66b8ab37810b5737fe33 (diff)
parent066a02232fca9338c990a00bb696a6a51f2fd542 (diff)
Merge branch 'bug-1272' into testserver-stable
-rw-r--r--includes/account.php37
-rwxr-xr-xscripts/cron/warning.php3
-rwxr-xr-xscripts/scanforexponents.php5
-rw-r--r--www/api/ccsr.php4
4 files changed, 31 insertions, 18 deletions
diff --git a/includes/account.php b/includes/account.php
index cf9e2a3..b50c3ac 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -402,7 +402,8 @@ function buildSubjectFromSession() {
fputs($fp, $emails);
fclose($fp);
$challenge=$_SESSION['spkac_hash'];
- $res=`openssl spkac -verify -in $CSRname`;
+ $CSRname_esc = escapeshellarg($CSRname);
+ $res=`openssl spkac -verify -in $CSRname_esc`;
if(!strstr($res,"Challenge String: ".$challenge))
{
$id = $oldid;
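Review bot: The rebuilt command on the `$res=` line still invokes a bare `openssl`, resolved through the web server's PATH, while every other command touched by this commit calls `/usr/bin/openssl`; the escaping itself is correct, but the binary should be pinned the same way here, `$res=\`/usr/bin/openssl spkac -verify -in $CSRname_esc\`;`. The same PATH-relative invocation is kept in the hunk at line 1584. The enclosing block starts and ends outside the hunk.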
@@ -464,7 +465,9 @@ function buildSubjectFromSession() {
$csrsubject .= "/emailAddress = ".$user['uniqueID'];
$tmpname = tempnam("/tmp", "id4csr");
- $do = `/usr/bin/openssl req -in $tmpfname -out $tmpname`; // -subj "$csr"`;
+ $tmpfname_esc = escapeshellarg($tmpfname);
+ $tmpname_esc = escapeshellarg($tmpname);
+ $do = `/usr/bin/openssl req -in $tmpfname_esc -out $tmpname_esc`; // -subj "$csr"`;
@unlink($tmpfname);
$csr = "";
$fp = fopen($tmpname, "r");
@@ -741,9 +744,9 @@ function buildSubjectFromSession() {
$fp = fopen($_SESSION['_config']['tmpfname'], "w");
fputs($fp, $CSR);
fclose($fp);
- $CSR = $_SESSION['_config']['tmpfname'];
- $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep "Subject:"`);
- $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
+ $CSR = escapeshellarg($_SESSION['_config']['tmpfname']);
+ $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep "Subject:"`);
+ $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
foreach($bits as $val)
{
$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
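Review bot: `$CSR = escapeshellarg($_SESSION['_config']['tmpfname']);` overwrites `$CSR` with the single-quoted shell form, whereas the removed line stored the plain path; if any code after this hunk still reads `$CSR` as a filesystem path or as the request body written three lines earlier, it now gets a quoted string. The other hunks in this commit keep the escaped value in a separate `_esc` variable, and the same convention would be safer here: `$CSR_esc = escapeshellarg($_SESSION['_config']['tmpfname']);` with `$CSR_esc` used in the two backtick commands. The hunk at line 1893 repeats the same pattern. The enclosing block starts and ends outside the hunk.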
@@ -912,8 +915,9 @@ function buildSubjectFromSession() {
$newid = mysql_insert_id();
$newfile=generatecertpath("csr","server",$newid);
copy($row['csr_name'], $newfile);
- $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep "Subject:"`);
- $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$newfile"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
+ $newfile_esc = escapeshellarg($newfile);
+ $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $newfile_esc |tr -d "\\0"|grep "Subject:"`);
+ $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $newfile_esc |tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
foreach($bits as $val)
{
$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
@@ -942,7 +946,8 @@ function buildSubjectFromSession() {
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
} else {
$drow = mysql_fetch_assoc($res);
- $cert = `/usr/bin/openssl x509 -in $drow[crt_name]`;
+ $crt_name = escapeshellarg($drow['crt_name']);
+ $cert = `/usr/bin/openssl x509 -in $crt_name`;
echo "<pre>\n$cert\n</pre>\n";
}
}
@@ -1584,7 +1589,8 @@ function buildSubjectFromSession() {
fputs($fp, $emails);
fclose($fp);
$challenge=$_SESSION['spkac_hash'];
- $res=`openssl spkac -verify -in $CSRname`;
+ $CSRname_esc = escapeshellarg($CSRName);
+ $res=`openssl spkac -verify -in $CSRname_esc`;
if(!strstr($res,"Challenge String: ".$challenge))
{
$id = $oldid;
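Review bot: `$CSRname_esc = escapeshellarg($CSRName);` reads `$CSRName` with a capital N, but the removed line and the identical hunk at line 402 use `$CSRname`; PHP variable names are case-sensitive, so this passes an undefined (null) value to escapeshellarg, yielding `''`, and `openssl spkac -verify -in ''` can never produce the expected "Challenge String:" line, so the check below always fails. The line should read `$CSRname_esc = escapeshellarg($CSRname);`. The enclosing block starts and ends outside the hunk.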
@@ -1636,7 +1642,9 @@ function buildSubjectFromSession() {
$csrsubject .= "/countryName=".$org['C'];
$tmpname = tempnam("/tmp", "id17csr");
- $do = `/usr/bin/openssl req -in $tmpfname -out $tmpname`;
+ $tmpfname_esc = escapeshellarg($tmpfname);
+ $tmpname_esc = escapeshellarg($tmpname);
+ $do = `/usr/bin/openssl req -in $tmpfname_esc -out $tmpname_esc`;
@unlink($tmpfname);
$csr = "";
$fp = fopen($tmpname, "r");
@@ -1893,9 +1901,9 @@ function buildSubjectFromSession() {
$fp = fopen($_SESSION['_config']['tmpfname'], "w");
fputs($fp, $CSR);
fclose($fp);
- $CSR = $_SESSION['_config']['tmpfname'];
- $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep "Subject:"`);
- $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in "$CSR"|tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
+ $CSR = escapeshellarg($_SESSION['_config']['tmpfname']);
+ $_SESSION['_config']['subject'] = trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep "Subject:"`);
+ $bits = explode(",", trim(`/usr/bin/openssl req -text -noout -in $CSR |tr -d "\\0"|grep -A1 'X509v3 Subject Alternative Name:'|grep DNS:`));
foreach($bits as $val)
{
$_SESSION['_config']['subject'] .= "/subjectAltName=".trim($val);
@@ -2117,7 +2125,8 @@ function buildSubjectFromSession() {
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." newid: $newid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
} else {
$drow = mysql_fetch_assoc($res);
- $cert = `/usr/bin/openssl x509 -in $drow[crt_name]`;
+ $crtname = escapeshellarg($drow['crt_name']);
+ $cert = `/usr/bin/openssl x509 -in $crtname`;
echo "<pre>\n$cert\n</pre>\n";
}
}
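Review bot: The escaped value is named `$crtname` here but `$crt_name` in the otherwise identical hunk at line 942; the two blocks should share one name so the escaping pattern is easy to grep and audit, e.g. `$crt_name = escapeshellarg($drow['crt_name']);` and `$cert = \`/usr/bin/openssl x509 -in $crt_name\`;`. While in this block, the context line that echoes `$cert` into `<pre>` could escape at the output boundary, `echo "<pre>\n".htmlspecialchars($cert)."\n</pre>\n";`, even though openssl's PEM output is expected to be plain ASCII. The enclosing block starts outside the hunk.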
diff --git a/scripts/cron/warning.php b/scripts/cron/warning.php
index 0cffc02..3022ffb 100755
--- a/scripts/cron/warning.php
+++ b/scripts/cron/warning.php
@@ -40,7 +40,8 @@
{
$row['crt_name'] = str_replace("../", "www/", $row['crt_name']);
$row['crt_name'] = "/home/cacert/".$row['crt_name'];
- $subject = `openssl x509 -in '$row[crt_name]' -text -noout|grep Subject:`;
+ $crt_name = escapeshellarg($row['crt_name']);
+ $subject = `openssl x509 -in $crt_name -text -noout|grep Subject:`;
$bits = explode("/", $subject);
foreach($bits as $val)
{
diff --git a/scripts/scanforexponents.php b/scripts/scanforexponents.php
index 7136723..388fe1e 100755
--- a/scripts/scanforexponents.php
+++ b/scripts/scanforexponents.php
@@ -29,10 +29,11 @@
if(!is_file($file))
continue;
+ $file_esc = escapeshellarg($file);
if(substr($file, -3) == "der")
- $do = trim(`openssl x509 -inform der -in $file -text -noout 2>&1 |grep 'Exponent'`);
+ $do = trim(`openssl x509 -inform der -in $file_esc -text -noout 2>&1 |grep 'Exponent'`);
else
- $do = trim(`openssl x509 -in $file -text -noout 2>&1 |grep 'Exponent'`);
+ $do = trim(`openssl x509 -in $file_esc -text -noout 2>&1 |grep 'Exponent'`);
if($do == "")
continue;
diff --git a/www/api/ccsr.php b/www/api/ccsr.php
index aa33baa..2298356 100644
--- a/www/api/ccsr.php
+++ b/www/api/ccsr.php
@@ -73,7 +73,9 @@ require_once '../../includes/lib/check_weak_key.php';
$fp = fopen($incsr, "w");
fputs($fp, $CSR);
fclose($fp);
- $do = `/usr/bin/openssl req -in $incsr -out $checkedcsr`;
+ $incsr_esc = escapeshellarg($incsr);
+ $checkedcsr_esc = escapeshellarg($checkedcsr);
+ $do = `/usr/bin/openssl req -in $incsr_esc -out $checkedcsr_esc`;
@unlink($incsr);
if(filesize($checkedcsr) <= 0)
die("404,Invalid or missing CSR");