author | Björn Baumbach <bb@sernet.de> | 2013-10-29 17:52:39 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2013-11-08 10:54:54 +0100 |
commit | 2ca3eae4c50316a723ca9fcf8ec766d8b40b3908 (patch) | |
tree | a0dc9f88f03df42e0517d1365cd736782b12f616 /source4 | |
parent | bc067d06682b796ab7abf6a05f103e7ebe0a4cef (diff) | |
download | samba-2ca3eae4c50316a723ca9fcf8ec766d8b40b3908.tar.gz |
CVE-2013-4476: s4:libtls: Create tls private key file (key.pem) with mode 0600
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source4')
-rw-r--r-- | source4/lib/tls/tlscert.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/source4/lib/tls/tlscert.c b/source4/lib/tls/tlscert.c
index 0c780ea2f3..8a19e0a230 100644
--- a/source4/lib/tls/tlscert.c
+++ b/source4/lib/tls/tlscert.c
@@ -152,7 +152,7 @@ void tls_cert_generate(TALLOC_CTX *mem_ctx,
 bufsize = sizeof(buf);
 TLSCHECK(gnutls_x509_privkey_export(key, GNUTLS_X509_FMT_PEM, buf, &bufsize));
- if (!file_save(keyfile, buf, bufsize)) {
+ if (!file_save_mode(keyfile, buf, bufsize, 0600)) {
 DEBUG(0,("Unable to save privatekey in %s parent dir exists ?\n", keyfile));
 goto failed;
 } |
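Review bot: The 0600 passed to `file_save_mode(keyfile, buf, bufsize, 0600)` presumably takes effect only when the call creates the file, so a key.pem written by an earlier build with the old, wider permissions stays readable by other local users after upgrading. Nothing in this hunk tightens or rejects an existing key file. The place where the key is loaded (not visible here) should check it, for example `if (stat(keyfile, &st) == 0 && (st.st_mode & 0077) != 0) { /* refuse to use the key and log */ }`, and administrators should be told to regenerate keys that were exposed. It would also help to add a comment above the call, such as `/* private key: owner read/write only; mode is applied at creation */`, so the mode is not loosened later. The body of tls_cert_generate starts and ends outside the hunk, so whether the function is ever reached with an existing keyfile cannot be confirmed from here.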