external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-11-22 02:17:26 +00:00
Code Issues Releases Wiki Activity

ensure malformed ssl certificate can't cause it to be written to an arbitrary path

Browse Source
This commit is contained in:
Joshua Tauberer 2015-11-29 14:04:37 +00:00
parent 766b98c4ad
commit be9efe0273
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
management/ssl_certificates.py
View File

@ -2,7 +2,7 @@
import os, os.path, re, shutil import os, os.path, re, shutil
from utils import shell from utils import shell, safe_domain_name
def get_ssl_certificates(env): def get_ssl_certificates(env):
# Scan all of the installed SSL certificates and map every domain # Scan all of the installed SSL certificates and map every domain
@ -170,7 +170,7 @@ def install_cert(domain, ssl_cert, ssl_chain, env):
cert = load_pem(load_cert_chain(fn)[0]) cert = load_pem(load_cert_chain(fn)[0])
all_domains, cn = get_certificate_domains(cert) all_domains, cn = get_certificate_domains(cert)
path = "%s-%s-%s.pem" % ( path = "%s-%s-%s.pem" % (
cn, # common name safe_domain_name(cn), # common name, which should be filename safe because it is IDNA-encoded, but in case of a malformed cert make sure it's ok to use as a filename
cert.not_valid_after.date().isoformat().replace("-", ""), # expiration date cert.not_valid_after.date().isoformat().replace("-", ""), # expiration date
hexlify(cert.fingerprint(hashes.SHA256())).decode("ascii")[0:8], # fingerprint prefix hexlify(cert.fingerprint(hashes.SHA256())).decode("ascii")[0:8], # fingerprint prefix
) )