summaryrefslogtreecommitdiffstats
path: root/source4/lib
diff options
context:
space:
mode:
authorBjörn Baumbach <bb@sernet.de>2013-10-29 17:52:39 +0100
committerKarolin Seeger <kseeger@samba.org>2013-11-11 11:14:36 +0100
commite0248cde8dcd82f348218665f5edd6b30cd3ef1f (patch)
tree69c68fd1cd93c2d155e8246c551e59ed9508c34d /source4/lib
parentcf29fb2cf4727466ccbd6f0ca8d5d4cb75666d99 (diff)
downloadsamba-e0248cde8dcd82f348218665f5edd6b30cd3ef1f.tar.gz
samba-e0248cde8dcd82f348218665f5edd6b30cd3ef1f.tar.xz
samba-e0248cde8dcd82f348218665f5edd6b30cd3ef1f.zip
CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode 0600
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234 Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source4/lib')
-rw-r--r--source4/lib/tls/tlscert.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/source4/lib/tls/tlscert.c b/source4/lib/tls/tlscert.c
index 0c780ea2f3..8a19e0a230 100644
--- a/source4/lib/tls/tlscert.c
+++ b/source4/lib/tls/tlscert.c
@@ -152,7 +152,7 @@ void tls_cert_generate(TALLOC_CTX *mem_ctx,
bufsize = sizeof(buf);
TLSCHECK(gnutls_x509_privkey_export(key, GNUTLS_X509_FMT_PEM, buf, &bufsize));
- if (!file_save(keyfile, buf, bufsize)) {
+ if (!file_save_mode(keyfile, buf, bufsize, 0600)) {
DEBUG(0,("Unable to save privatekey in %s parent dir exists ?\n", keyfile));
goto failed;
}