Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.2:Update
freeradius-server.7202
CVE-2017-9148.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2017-9148.patch of Package freeradius-server.7202
commit 8f53382c64114936a0433d68101a24570783e13a Author: Alan T. DeKok <aland@freeradius.org> Date: Mon May 8 16:00:01 2017 -0400 set S_IWUSER when creating the file, not later commit af030bd4e19c9149e2ffd898ad0c4dfde78c29be Author: Alan T. DeKok <aland@freeradius.org> Date: Mon May 8 16:38:56 2017 -0400 disable internal OpenSSL cache Index: freeradius-server-3.0.12/src/main/tls.c =================================================================== --- freeradius-server-3.0.12.orig/src/main/tls.c +++ freeradius-server-3.0.12/src/main/tls.c @@ -1382,7 +1382,7 @@ static int cbtls_new_session(SSL *ssl, S /* open output file */ snprintf(filename, sizeof(filename), "%s%c%s.asn1", conf->session_cache_path, FR_DIR_SEP, buffer); - fd = open(filename, O_RDWR|O_CREAT|O_EXCL, 0600); + fd = open(filename, O_RDWR|O_CREAT|O_EXCL, S_IWUSR); if (fd < 0) { RERROR("Session serialisation failed, failed opening session file %s: %s", filename, fr_syserror(errno)); @@ -2929,9 +2929,9 @@ post_ca: } /* - * Cache it, and DON'T auto-clear it. + * Cache it, DON'T auto-clear it, and disable the internal OpenSSL session cache. */ - SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER | SSL_SESS_CACHE_NO_AUTO_CLEAR); + SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER | SSL_SESS_CACHE_NO_AUTO_CLEAR | SSL_SESS_CACHE_NO_INTERNAL); SSL_CTX_set_session_id_context(ctx, (unsigned char *) conf->session_context_id,
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor