diff options
| author | Florian Obser <florian@cvs.openbsd.org> | 2022-05-05 19:51:36 +0000 |
|---|---|---|
| committer | Florian Obser <florian@cvs.openbsd.org> | 2022-05-05 19:51:36 +0000 |
| commit | 25af1cde5fccc04cbfef28f9bcafc9c4153fec4e (patch) | |
| tree | 13a024753e2b0fd16d72aa2aff609c7ee7afd6e9 /usr.sbin/acme-client | |
| parent | f71abf9517e34a88facb930683cfdcc3966c6604 (diff) | |
Check that the challenge token which is turned into a filename is
base64url encoded.
We have only the challenge directory unveil(2)'ed so funny business
like ../ will not work, but we shouldn't generate garbage filenames
that someone else might trip over either.
Pointed out and diff by Ali Farzanrad (ali_farzanrad AT riseup.net)
OK beck
Diffstat (limited to 'usr.sbin/acme-client')
| -rw-r--r-- | usr.sbin/acme-client/chngproc.c | 15 | ||||
| -rw-r--r-- | usr.sbin/acme-client/main.c | 6 |
2 files changed, 19 insertions, 2 deletions
diff --git a/usr.sbin/acme-client/chngproc.c b/usr.sbin/acme-client/chngproc.c index 0cbfaf27c31..63c0d4dc25d 100644 --- a/usr.sbin/acme-client/chngproc.c +++ b/usr.sbin/acme-client/chngproc.c @@ -1,4 +1,4 @@ -/* $Id: chngproc.c,v 1.16 2021/07/12 15:09:20 beck Exp $ */ +/* $Id: chngproc.c,v 1.17 2022/05/05 19:51:35 florian Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -16,6 +16,7 @@ */ #include <assert.h> +#include <ctype.h> #include <err.h> #include <errno.h> #include <fcntl.h> @@ -77,6 +78,18 @@ chngproc(int netsock, const char *root) goto out; else if ((tok = readstr(netsock, COMM_TOK)) == NULL) goto out; + else if (strlen(tok) < 1) { + warnx("token is too short"); + goto out; + } + + for (i = 0; tok[i]; ++i) { + int ch = (unsigned char)tok[i]; + if (!isalnum(ch) && ch != '-' && ch != '_') { + warnx("token is not a valid base64url"); + goto out; + } + } if (asprintf(&fmt, "%s.%s", tok, th) == -1) { warn("asprintf"); diff --git a/usr.sbin/acme-client/main.c b/usr.sbin/acme-client/main.c index 65ea2cf3ac3..bec17254297 100644 --- a/usr.sbin/acme-client/main.c +++ b/usr.sbin/acme-client/main.c @@ -1,4 +1,4 @@ -/* $Id: main.c,v 1.54 2020/05/10 12:06:18 benno Exp $ */ +/* $Id: main.c,v 1.55 2022/05/05 19:51:35 florian Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -20,6 +20,7 @@ #include <ctype.h> #include <err.h> #include <libgen.h> +#include <locale.h> #include <stdarg.h> #include <stdio.h> #include <stdlib.h> @@ -56,6 +57,9 @@ main(int argc, char *argv[]) struct domain_c *domain = NULL; struct altname_c *ac; + if (setlocale(LC_CTYPE, "C") == NULL) + errx(1, "setlocale"); + while ((c = getopt(argc, argv, "Fnrvf:")) != -1) switch (c) { case 'F': |