You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Subject: Patch for mod_ucam_webauth
Date: Mon, 2 Jan 2012 18:29:06 +0000 (GMT)
To: [email protected]
From: "P. Benie" [email protected]
Download (untitled) [text/plain 518b]
Hi,
Please find a patch, enclosed, which fixes a problem with the sanity check
in ForceInteract (it could never have worked as written) and does some
sanity checking on key ID before feeding it into RSA_sig_verify;
the patch guarantees that only only files in can be reached.
The lack of checking on key ID can't be exploited on any normal
configuration - there would have to be a directory named with the right
prefix for there to be a problem, but I think it's better to program
defensively.
RAVEN092 in master TODO list
The text was updated successfully, but these errors were encountered: