mirror of
https://github.com/freebsd/freebsd-src
synced 2024-09-30 05:36:10 +00:00
kerberos5: Mitigate the possibility of using an old libcrypto
By using the full library name (libcrypto.so.30) we avoid the risk of loading an old, possibly vulnerable, library. Reported by: jrtc27 MFC after: 3 days X-MFC with:476d63e091
Fixes:476d63e091
parent
70445a8061
commit
0990136ed1
|
@ -5,6 +5,7 @@
|
||||||
#include <openssl/provider.h>
|
#include <openssl/provider.h>
|
||||||
|
|
||||||
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
|
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
|
||||||
|
#define CRYPTO_LIBRARY "/lib/libcrypto.so.30"
|
||||||
static void fbsd_ossl_provider_unload(void);
|
static void fbsd_ossl_provider_unload(void);
|
||||||
static void print_dlerror(char *);
|
static void print_dlerror(char *);
|
||||||
static OSSL_PROVIDER *legacy;
|
static OSSL_PROVIDER *legacy;
|
||||||
|
@ -46,7 +47,7 @@ fbsd_ossl_provider_load(void)
|
||||||
{
|
{
|
||||||
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
|
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
|
||||||
if (crypto_lib_handle == NULL) {
|
if (crypto_lib_handle == NULL) {
|
||||||
if (!(crypto_lib_handle = dlopen("/usr/lib/libcrypto.so",
|
if (!(crypto_lib_handle = dlopen(CRYPTO_LIBRARY,
|
||||||
RTLD_LAZY|RTLD_GLOBAL))) {
|
RTLD_LAZY|RTLD_GLOBAL))) {
|
||||||
print_dlerror("Unable to load libcrypto.so");
|
print_dlerror("Unable to load libcrypto.so");
|
||||||
return (EINVAL);
|
return (EINVAL);
|
||||||
|
|
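Review bot: The failure message at the `print_dlerror("Unable to load libcrypto.so")` call no longer matches what `dlopen()` is given, so a missing or mismatched `/lib/libcrypto.so.30` is still reported under the old unversioned name; `print_dlerror("Unable to load " CRYPTO_LIBRARY);` would tie the diagnostic to the path that was actually tried. The new `CRYPTO_LIBRARY` define also hard-codes the soname without a comment, so I would add above it `/* Absolute path and full soname so an older libcrypto is never loaded; update when the libcrypto shared-library version changes. */`. As written, a stale value makes the load fail with EINVAL rather than fall back to another library, which is the safe direction, but the coupling to the library version is only implicit. The body of fbsd_ossl_provider_load continues outside the second hunk.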