kerberos5: Mitigate the possibility of using an old libcrypto

By using the full library name (libcrypto.so.30) we avoid the exposure of using an old, possibly vulnerable, library. Reported by: jrtc27 MFC after: 3 days X-MFC with: 476d63e091 Fixes: 476d63e091
2024-06-29 06:54:50 +00:00 · 2024-01-18 00:22:20 -08:00 · 2024-01-18 00:22:20 -08:00 · 0990136ed1
commit 0990136ed1
parent 70445a8061
1 changed files with 2 additions and 1 deletions
--- a/kerberos5/lib/libroken/fbsd_ossl_provider_load.c
+++ b/kerberos5/lib/libroken/fbsd_ossl_provider_load.c
@ -5,6 +5,7 @@
 #include <openssl/provider.h>

 #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
+#define CRYPTO_LIBRARY "/lib/libcrypto.so.30"
 static void fbsd_ossl_provider_unload(void);
 static void print_dlerror(char *);
 static OSSL_PROVIDER *legacy;
@ -46,7 +47,7 @@ fbsd_ossl_provider_load(void)
 {
 #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
 	if (crypto_lib_handle == NULL) {
-		if (!(crypto_lib_handle = dlopen("/usr/lib/libcrypto.so",
+		if (!(crypto_lib_handle = dlopen(CRYPTO_LIBRARY,
 		    RTLD_LAZY|RTLD_GLOBAL))) {
 			print_dlerror("Unable to load libcrypto.so");
 			return (EINVAL);