未验证 提交 4265e15e 编写于 作者: O openharmony_ci 提交者: Gitee

!49 fix CVE-2022-1292 (3.1release)

Merge pull request !49 from HaixiangW/cherry-pick-1652952329
...@@ -152,6 +152,23 @@ sub check_file { ...@@ -152,6 +152,23 @@ sub check_file {
return ($is_cert, $is_crl); return ($is_cert, $is_crl);
} }
sub compute_hash {
my $fh;
if ( $^O eq "VMS" ) {
# VMS uses the open through shell
# The file names are safe there and list form is unsupported
if (!open($fh, "-|", join(' ', @_))) {
print STDERR "Cannot compute hash on '$fname'\n";
return;
}
} else {
if (!open($fh, "-|", @_)) {
print STDERR "Cannot compute hash on '$fname'\n";
return;
}
}
return (<$fh>, <$fh>);
}
# Link a certificate to its subject name hash value, each hash is of # Link a certificate to its subject name hash value, each hash is of
# the form <hash>.<n> where n is an integer. If the hash value already exists # the form <hash>.<n> where n is an integer. If the hash value already exists
...@@ -161,10 +178,12 @@ sub check_file { ...@@ -161,10 +178,12 @@ sub check_file {
sub link_hash_cert { sub link_hash_cert {
my $fname = $_[0]; my $fname = $_[0];
$fname =~ s/\"/\\\"/g; my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash,
my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; "-fingerprint", "-noout",
"-in", $fname);
chomp $hash; chomp $hash;
chomp $fprint; chomp $fprint;
return if !$hash;
$fprint =~ s/^.*=//; $fprint =~ s/^.*=//;
$fprint =~ tr/://d; $fprint =~ tr/://d;
my $suffix = 0; my $suffix = 0;
...@@ -202,10 +221,12 @@ sub link_hash_cert { ...@@ -202,10 +221,12 @@ sub link_hash_cert {
sub link_hash_crl { sub link_hash_crl {
my $fname = $_[0]; my $fname = $_[0];
$fname =~ s/'/'\\''/g; my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash,
my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`; "-fingerprint", "-noout",
"-in", $fname);
chomp $hash; chomp $hash;
chomp $fprint; chomp $fprint;
return if !$hash;
$fprint =~ s/^.*=//; $fprint =~ s/^.*=//;
$fprint =~ tr/://d; $fprint =~ tr/://d;
my $suffix = 0; my $suffix = 0;
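Review bot: In the new `compute_hash` sub (first hunk), both error messages interpolate `$fname`, which is not declared in the sub's visible body; it is a `my` variable local to `link_hash_cert` and `link_hash_crl`. Unless a file-level `$fname` exists outside this view, a failed `open` therefore reports an empty file name. Both callers pass the file name as the last argument, so the message could use it directly: `print STDERR "Cannot compute hash on '$_[-1]'\n";`. The sub also never calls `close($fh)`, so a non-zero exit from the openssl child goes unobserved, and in both callers `chomp $hash` runs before the `return if !$hash` guard, on a possibly undefined value. The VMS branch still joins the arguments into one string for the shell, so that path relies entirely on the comment's claim that file names are safe there.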