summaryrefslogtreecommitdiffstats
path: root/src/plugins/preauth
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins/preauth')
-rw-r--r--src/plugins/preauth/pkinit/pkinit_crypto_openssl.c1
-rw-r--r--src/plugins/preauth/pkinit/pkinit_lib.c2
2 files changed, 3 insertions, 0 deletions
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index 1859b4f1a..e7e04d8ee 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -3736,6 +3736,7 @@ pkinit_get_certs_pkcs12(krb5_context context,
idopts->cert_filename, errno);
goto cleanup;
}
+ set_cloexec_file(fp);
p12 = d2i_PKCS12_fp(fp, NULL);
fclose(fp);
diff --git a/src/plugins/preauth/pkinit/pkinit_lib.c b/src/plugins/preauth/pkinit/pkinit_lib.c
index f49ef5ebf..046e3e264 100644
--- a/src/plugins/preauth/pkinit/pkinit_lib.c
+++ b/src/plugins/preauth/pkinit/pkinit_lib.c
@@ -470,6 +470,8 @@ print_buffer_bin(unsigned char *buf, unsigned int len, char *filename)
if ((f = fopen(filename, "w")) == NULL)
return;
+ set_cloexec_file(f);
+
for (i = 0; i < len; i++)
fputc(buf[i], f);
generated by cgit (git 2.34.1) at 2026-04-08 03:51:11 +0000