forked from pool/apache2-mod_nss
Petr Gajdos
3620ab2c4f
- update to 1.0.14 (fixes boo#973996)
* OpenSSL ciphers stopped parsing at +, CVE-2016-3099
* Created valgrind suppression files to ease debugging
* Implement SSL_PPTYPE_FILTER to call executables to get
the key password pins. Can be used to prompt with systemd.
* Improvements to migrate.pl
- drop mod_nss_migrate.pl and use upstream migrate script instead
* add mod_nss-migrate.patch
OBS-URL: https://build.opensuse.org/request/show/390295
OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_nss?expand=0&rev=24
38 lines
1.2 KiB
Diff
38 lines
1.2 KiB
Diff
Index: nss_engine_pphrase.c
|
|
===================================================================
|
|
--- nss_engine_pphrase.c.orig 2016-04-15 20:27:59.000000000 +0200
|
|
+++ nss_engine_pphrase.c 2016-04-16 11:11:49.472862662 +0200
|
|
@@ -230,6 +230,7 @@ static char *nss_get_password(FILE *inpu
|
|
char line[1024];
|
|
unsigned char phrase[200];
|
|
int infd = fileno(input);
|
|
+ int tmpfd;
|
|
int isTTY = isatty(infd);
|
|
|
|
token_name = PK11_GetTokenName(slot);
|
|
@@ -351,6 +352,24 @@ static char *nss_get_password(FILE *inpu
|
|
if (pwdstr)
|
|
return pwdstr;
|
|
|
|
+ /* It happens that stdin is not opened with O_RDONLY. Better make sure
|
|
+ * it is and re-open /dev/tty.
|
|
+ */
|
|
+ close(infd); /* is 0 normally. open(2) will return first available. */
|
|
+ tmpfd = open("/dev/tty", O_RDONLY);
|
|
+ if( tmpfd == -1) {
|
|
+ fprintf(output, "Cannot open /dev/tty for reading the passphrase.\n");
|
|
+ nss_die();
|
|
+ }
|
|
+ if(tmpfd != infd) {
|
|
+ if( dup2(tmpfd, infd) != infd) {
|
|
+ fprintf(output, "Problem duplicating /dev/tty file descriptor.\n");
|
|
+ close(tmpfd);
|
|
+ nss_die();
|
|
+ }
|
|
+ close(tmpfd);
|
|
+ }
|
|
+
|
|
for (;;) {
|
|
/* Prompt for password */
|
|
if (isTTY) {
|