deepend/zoitechat
1
0
Fork 0
mirror of https://github.com/ZoiteChat/zoitechat.git synced 2026-03-31 09:40:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Sanitize OpenSSL env for client cert actions

Browse Source
This commit is contained in:
deepend-tildeclub
2026-03-30 11:57:58 -06:00
parent 97dd7c5d57
commit 0f508bf438
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/fe-gtk/servlistgui.c
View File

@@ -252,6 +252,7 @@ servlist_generate_client_cert_cb (GtkWidget *button, gpointer userdata)
gboolean success; gboolean success;
gint status; gint status;
char *argv[20]; char *argv[20];
char **envp;
if (!net || !net->name || !net->name[0]) if (!net || !net->name || !net->name[0])
return; return;
@@ -274,6 +275,7 @@ servlist_generate_client_cert_cb (GtkWidget *button, gpointer userdata)
crt_len = 0; crt_len = 0;
success = FALSE; success = FALSE;
status = 0; status = 0;
envp = g_environ_unsetenv (g_get_environ (), "LD_LIBRARY_PATH");
if (g_mkdir_with_parents (cert_dir, 0700) == 0 && if (g_mkdir_with_parents (cert_dir, 0700) == 0 &&
g_file_set_contents (openssl_conf, conf_data, -1, NULL)) g_file_set_contents (openssl_conf, conf_data, -1, NULL))
@@ -299,7 +301,7 @@ servlist_generate_client_cert_cb (GtkWidget *button, gpointer userdata)
argv[18] = subject; argv[18] = subject;
argv[19] = NULL; argv[19] = NULL;
spawned = g_spawn_sync (NULL, argv, NULL, G_SPAWN_SEARCH_PATH, NULL, NULL, spawned = g_spawn_sync (NULL, argv, envp, G_SPAWN_SEARCH_PATH, NULL, NULL,
&stdout_data, &stderr_data, &status, NULL); &stdout_data, &stderr_data, &status, NULL);
if (spawned && g_spawn_check_exit_status (status, NULL) && if (spawned && g_spawn_check_exit_status (status, NULL) &&
g_file_get_contents (key_file, &key_data, &key_len, NULL) && g_file_get_contents (key_file, &key_data, &key_len, NULL) &&
@@ -354,6 +356,7 @@ servlist_generate_client_cert_cb (GtkWidget *button, gpointer userdata)
g_free (openssl_conf); g_free (openssl_conf);
g_free (cert_file); g_free (cert_file);
g_free (cert_dir); g_free (cert_dir);
g_strfreev (envp);
#else #else
return; return;
#endif #endif
@@ -371,6 +374,7 @@ servlist_cert_info_cb (GtkWidget *button, gpointer userdata)
gboolean spawned; gboolean spawned;
gint status; gint status;
char *argv[12]; char *argv[12];
char **envp;
cert_file = servlist_get_cert_file (net); cert_file = servlist_get_cert_file (net);
if (!cert_file) if (!cert_file)
@@ -379,6 +383,7 @@ servlist_cert_info_cb (GtkWidget *button, gpointer userdata)
stdout_data = NULL; stdout_data = NULL;
stderr_data = NULL; stderr_data = NULL;
status = 0; status = 0;
envp = g_environ_unsetenv (g_get_environ (), "LD_LIBRARY_PATH");
argv[0] = "openssl"; argv[0] = "openssl";
argv[1] = "x509"; argv[1] = "x509";
argv[2] = "-in"; argv[2] = "-in";
@@ -392,7 +397,7 @@ servlist_cert_info_cb (GtkWidget *button, gpointer userdata)
argv[10] = "-sha256"; argv[10] = "-sha256";
argv[11] = NULL; argv[11] = NULL;
spawned = g_spawn_sync (NULL, argv, NULL, G_SPAWN_SEARCH_PATH, NULL, NULL, spawned = g_spawn_sync (NULL, argv, envp, G_SPAWN_SEARCH_PATH, NULL, NULL,
&stdout_data, &stderr_data, &status, NULL); &stdout_data, &stderr_data, &status, NULL);
if (spawned && g_spawn_check_exit_status (status, NULL) && stdout_data && stdout_data[0]) if (spawned && g_spawn_check_exit_status (status, NULL) && stdout_data && stdout_data[0])
@@ -423,6 +428,7 @@ servlist_cert_info_cb (GtkWidget *button, gpointer userdata)
g_free (stdout_data); g_free (stdout_data);
g_free (stderr_data); g_free (stderr_data);
g_free (cert_file); g_free (cert_file);
g_strfreev (envp);
#else #else
return; return;
#endif #endif