mirror of
https://github.com/freebsd/freebsd-src
synced 2024-09-30 05:36:10 +00:00
kerberos5: Mitigate the possibility of using an old libcrypto
By using the full library name (libcrypto.so.30) we avoid the exposure of using an old, possibly vulnerable, library. Reported by: jrtc27 MFC after: 3 days X-MFC with:476d63e091
Fixes:476d63e091
This commit is contained in:
parent
70445a8061
commit
0990136ed1
|
@ -5,6 +5,7 @@
|
|||
#include <openssl/provider.h>
|
||||
|
||||
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
|
||||
#define CRYPTO_LIBRARY "/lib/libcrypto.so.30"
|
||||
static void fbsd_ossl_provider_unload(void);
|
||||
static void print_dlerror(char *);
|
||||
static OSSL_PROVIDER *legacy;
|
||||
|
@ -46,7 +47,7 @@ fbsd_ossl_provider_load(void)
|
|||
{
|
||||
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
|
||||
if (crypto_lib_handle == NULL) {
|
||||
if (!(crypto_lib_handle = dlopen("/usr/lib/libcrypto.so",
|
||||
if (!(crypto_lib_handle = dlopen(CRYPTO_LIBRARY,
|
||||
RTLD_LAZY|RTLD_GLOBAL))) {
|
||||
print_dlerror("Unable to load libcrypto.so");
|
||||
return (EINVAL);
|
||||
|
|
Loading…
Reference in a new issue