File openssl-CVE-2022-1292.patch of Package openssl-1_1

Overview Repositories Revisions Requests Users Attributes Meta

File openssl-CVE-2022-1292.patch of Package openssl-1_1 (Revision 3d3c7a179ef13275c1cd00bb59468648)

Currently displaying revision 3d3c7a179ef13275c1cd00bb59468648 , Show latest

diff --git a/tools/c_rehash.in b/tools/c_rehash.in
index e658222..02aef36 100644
--- a/tools/c_rehash.in
+++ b/tools/c_rehash.in
@@ -152,6 +152,23 @@ sub check_file {
 	return ($is_cert, $is_crl);
 }
 
+sub compute_hash {
+    my $fh;
+    if ( $^O eq "VMS" ) {
+        # VMS uses the open through shell
+        # The file names are safe there and list form is unsupported
+        if (!open($fh, "-|", join(' ', @_))) {
+            print STDERR "Cannot compute hash on '$fname'\n";
+            return;
+        }
+    } else {
+        if (!open($fh, "-|", @_)) {
+            print STDERR "Cannot compute hash on '$fname'\n";
+            return;
+        }
+    }
+    return (<$fh>, <$fh>);
+}
 
 # Link a certificate to its subject name hash value, each hash is of
 # the form <hash>.<n> where n is an integer. If the hash value already exists
@@ -161,10 +178,12 @@ sub check_file {
 
 sub link_hash_cert {
 		my $fname = $_[0];
-		$fname =~ s/'/'\\''/g;
-		my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
+		my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash,
+						   "-fingerprint", "-noout",
+						   "-in", $fname);
 		chomp $hash;
 		chomp $fprint;
+		return if !$hash;
 		$fprint =~ s/^.*=//;
 		$fprint =~ tr/://d;
 		my $suffix = 0;
@@ -202,10 +221,12 @@ sub link_hash_cert {
 
 sub link_hash_crl {
 		my $fname = $_[0];
-		$fname =~ s/'/'\\''/g;
-		my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
+		my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash,
+						   "-fingerprint", "-noout",
+						   "-in", $fname);
 		chomp $hash;
 		chomp $fprint;
+		return if !$hash;
 		$fprint =~ s/^.*=//;
 		$fprint =~ tr/://d;
 		my $suffix = 0;

Places

File openssl-CVE-2022-1292.patch of Package openssl-1_1 (Revision 3d3c7a179ef13275c1cd00bb59468648)

Places