36 lines
1.1 KiB
C++
36 lines
1.1 KiB
C++
$NetBSD: patch-src_bin_softhsm-keyconv.cpp,v 1.1 2014/11/18 13:40:57 he Exp $
|
|
|
|
Adapt fix for SA59651, similar to CVE-2014-3209, from
|
|
https://github.com/bellgrim/SoftHSMv2/commit/492447cd4a2be449e99fb9ad2519ea3277aaad28
|
|
Ensure created pkcs8 file is not group- or world-readable.
|
|
|
|
--- src/bin/softhsm-keyconv.cpp.orig 2014-05-28 05:59:14.000000000 +0000
|
|
+++ src/bin/softhsm-keyconv.cpp
|
|
@@ -48,6 +48,10 @@
|
|
#include <iostream>
|
|
#include <fstream>
|
|
#include <stdint.h>
|
|
+#include <errno.h>
|
|
+#include <sys/types.h>
|
|
+#include <sys/stat.h>
|
|
+#include <fcntl.h>
|
|
|
|
void usage() {
|
|
printf("Converting between BIND .private-key format and PKCS#8 key file format.\n");
|
|
@@ -391,6 +395,15 @@ int to_pkcs8(char *in_path, char *out_pa
|
|
return 1;
|
|
}
|
|
|
|
+ // Create and set file permissions if the file does not exist.
|
|
+ int fd = open(out_path, O_CREAT, S_IRUSR | S_IWUSR);
|
|
+ if (fd == -1) {
|
|
+ fprintf(stderr, "ERROR: Could not open the output file: %s (errno %i)\n",
|
|
+ out_path, errno);
|
|
+ return 1;
|
|
+ }
|
|
+ ::close(fd);
|
|
+
|
|
// Save the the key to the disk
|
|
switch(algorithm) {
|
|
case DNS_KEYALG_ERROR:
|