bugreport (?)
Hello,
sorry for my english.
Description
--------------------
In the tool c_rehash (script in the Perl) is not file name escaped
and this tool fails on the file with "bad characters" (for example
space)
in the name. Reason should be visible in the patch bellow (the `
problem).
Example
--------------------
$ ls -1 *.pem
test BAD.pem
test-3.pem
$ c_rehash .
fails on the file `test BAD.pem'
Another example with command execution
$ ls -1
test-1
test-1;sleep 100 #.pem
test-3.pem
$ c_rehash .
sleeps and pstree shows
bash---c_rehash---sh---sleep
Patch atempt
-------------------
NOTE:
I am _NOT_ sure, that my solution is OK in all cases and all systems.
May be is better be more restrictive and allow only filenames with
[-\@\w.]
or something similar.
--- /usr/bin/c_rehash Tue Jul 30 18:49:07 2002
+++ ./c_rehash Tue Aug 27 12:51:56 2002
@@ -100,7 +100,8 @@
sub link_hash_cert {
my $fname = $_[0];
- my ($hash, $fprint) = `$openssl x509 -hash -fingerprint
-noout -in $fname`;
+ $fname =~ s/'/''/g;
+ my ($hash, $fprint) = `$openssl x509 -hash -fingerprint
-noout -in '$fname'`;
chomp $hash;
chomp $fprint;
$fprint =~ s/^.*=//;
@@ -130,7 +131,8 @@
sub link_hash_crl {
my $fname = $_[0];
- my ($hash, $fprint) = `$openssl crl -hash -fingerprint
-noout -in $fname`;
+ $fname =~ s/'/''/g;
+ my ($hash, $fprint) = `$openssl crl -hash -fingerprint
-noout -in '$fname'`;
chomp $hash;
chomp $fprint;
$fprint =~ s/^.*=//;
Tested version
-------------------
OpenSSL 0.9.6e 30 Jul 2002
built on: Tue Jul 30 18:39:21 CEST 2002
platform: debian-i386
options: bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long)
blowfish(idx)
compiler: gcc -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H
-DNO_IDEA -DNO_MDC2 -DNO_RC5 -DL_ENDIAN -DTERMIO -O3
-fomit-frame-pointer -Wall
OpenSSL is great,
Alois Vitasek
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
