diff options
| author | Aldo Cortesi <aldo@nullcube.com> | 2012-01-21 14:26:36 +1300 |
|---|---|---|
| committer | Aldo Cortesi <aldo@nullcube.com> | 2012-01-21 14:26:36 +1300 |
| commit | c6150cc1980ecb38264994797deb08a5185445f8 (patch) | |
| tree | 5c3b6e0f59326b5f716f05b3a18aed6b43658605 /libmproxy | |
| parent | d5e3722c97c2094032fe02095c3b8f7cb4df87c3 (diff) | |
| download | mitmproxy-c6150cc1980ecb38264994797deb08a5185445f8.tar.gz mitmproxy-c6150cc1980ecb38264994797deb08a5185445f8.tar.bz2 mitmproxy-c6150cc1980ecb38264994797deb08a5185445f8.zip | |
Address an issue that allows a malicious client to place certificate files in arbitrary directories.
Thanks to David Black (disclosure@d1b.org) for pointing this out.
Diffstat (limited to 'libmproxy')
| -rw-r--r-- | libmproxy/controller.py | 6 | ||||
| -rw-r--r-- | libmproxy/utils.py | 9 |
2 files changed, 8 insertions, 7 deletions
diff --git a/libmproxy/controller.py b/libmproxy/controller.py index 67ce2460..7607d6d6 100644 --- a/libmproxy/controller.py +++ b/libmproxy/controller.py @@ -1,15 +1,15 @@ # Copyright (C) 2010 Aldo Cortesi -# +# # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. -# +# # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. diff --git a/libmproxy/utils.py b/libmproxy/utils.py index 108a99cb..4e53e6ce 100644 --- a/libmproxy/utils.py +++ b/libmproxy/utils.py @@ -13,7 +13,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. import re, os, subprocess, datetime, urlparse, string -import time, functools, cgi, textwrap +import time, functools, cgi, textwrap, hashlib import json CERT_SLEEP_TIME = 1 @@ -275,12 +275,13 @@ def dummy_cert(certdir, ca, commonname): Returns cert path if operation succeeded, None if not. """ - certpath = os.path.join(certdir, commonname + ".pem") + namehash = hashlib.sha256(commonname).hexdigest() + certpath = os.path.join(certdir, namehash + ".pem") if os.path.exists(certpath): return certpath - confpath = os.path.join(certdir, commonname + ".cnf") - reqpath = os.path.join(certdir, commonname + ".req") + confpath = os.path.join(certdir, namehash + ".cnf") + reqpath = os.path.join(certdir, namehash + ".req") template = open(pkg_data.path("resources/cert.cnf")).read() f = open(confpath, "w") |