authorCy Schubert <cy@FreeBSD.org>2024-01-18 08:22:20 +0000
committerCy Schubert <cy@FreeBSD.org>2024-01-18 15:12:14 +0000
commit0990136ed1753ac7837206f9c5f4b83ccff6c405 (patch)
tree7628f56915dbd8805907042b3c01eff5d733a429
parent70445a8061226ad46a7079ce8ad96e89ae45d6c5 (diff)
downloadsrc-0990136ed1753ac7837206f9c5f4b83ccff6c405.tar.gz
src-0990136ed1753ac7837206f9c5f4b83ccff6c405.zip
kerberos5: Mitigate the possibility of using an old libcrypto
By using the full, versioned library name (libcrypto.so.30) we avoid the risk of loading an old, possibly vulnerable, library. Reported by: jrtc27 MFC after: 3 days X-MFC with: 476d63e091c2 Fixes: 476d63e091c2
-rw-r--r--kerberos5/lib/libroken/fbsd_ossl_provider_load.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/kerberos5/lib/libroken/fbsd_ossl_provider_load.c b/kerberos5/lib/libroken/fbsd_ossl_provider_load.c
index 497b32124f96..2328041bc166 100644
--- a/kerberos5/lib/libroken/fbsd_ossl_provider_load.c
+++ b/kerberos5/lib/libroken/fbsd_ossl_provider_load.c
@@ -5,6 +5,7 @@
#include <openssl/provider.h>
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
+#define CRYPTO_LIBRARY "/lib/libcrypto.so.30"
static void fbsd_ossl_provider_unload(void);
static void print_dlerror(char *);
static OSSL_PROVIDER *legacy;
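Review bot: The new `CRYPTO_LIBRARY` define carries no comment explaining why a versioned SONAME in `/lib` is used instead of the unversioned `/usr/lib/libcrypto.so` it replaces, which is the whole point of the change and is easy to undo in a later cleanup. The `.30` suffix presumably tracks the base system's OpenSSL 3 libcrypto SONAME and will need to be bumped with every major OpenSSL update, so that maintenance obligation should be recorded next to the value. I would add above the define: `/* Load the runtime libcrypto by its full SONAME: an unversioned .so is a development symlink that may resolve to a stale, possibly vulnerable, library. Keep in sync with the base OpenSSL major version. */`. The define only exists inside the `OPENSSL_VERSION_MAJOR >= 3` block, which matches the single use in fbsd_ossl_provider_load below.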
@@ -46,7 +47,7 @@ fbsd_ossl_provider_load(void)
{
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
if (crypto_lib_handle == NULL) {
- if (!(crypto_lib_handle = dlopen("/usr/lib/libcrypto.so",
+ if (!(crypto_lib_handle = dlopen(CRYPTO_LIBRARY,
RTLD_LAZY|RTLD_GLOBAL))) {
print_dlerror("Unable to load libcrypto.so");
return (EINVAL);
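Review bot: The failure diagnostic on the line after the changed dlopen() still says `"Unable to load libcrypto.so"`, so when the versioned library is missing the message names a file the code no longer asks for, which will mislead whoever triages the error. Now that the path lives in a macro, the message can be built from it so the two cannot drift: `print_dlerror("Unable to load " CRYPTO_LIBRARY);`. fbsd_ossl_provider_load's signature precedes the hunk and its body continues past it.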