charon-nm: Pass configured user when connecting to SSH/GPG agent
authorTobias Brunner <tobias@strongswan.org>
Tue, 2 Dec 2025 15:17:36 +0000 (16:17 +0100)
committerTobias Brunner <tobias@strongswan.org>
Wed, 10 Dec 2025 17:34:19 +0000 (18:34 +0100)
This prevents an attack similar to the one fixed previously where a
user passes the path to credentials of another user, in this case the
path to the agent socket of that user.

src/charon-nm/nm/nm_service.c

index d24e7b29e46254906b542e5c5d3c8d6dfe9d0132..50a65e9457ce028ddac763c6b2ed5fd9ceee7a9b 100644 (file)
@@ -637,6 +637,7 @@ static bool add_auth_cfg_cert(NMStrongswanPluginPrivate *priv,
                                private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
                                                                                         public->get_type(public),
                                                                                         BUILD_AGENT_SOCKET, str,
+                                                                                        BUILD_AGENT_USER, user,
                                                                                         BUILD_PUBLIC_KEY, public,
                                                                                         BUILD_END);
                                public->destroy(public);
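Review bot: The added `BUILD_AGENT_USER, user,` argument only protects the agent socket path in `str` if `user` is always set when this call is reached. Where `user` is assigned lies outside the hunk, so it is not visible whether it can be NULL, for example when no user is configured for the connection. If the agent builder treats a missing user as "no restriction" (not visible here, to be confirmed), the socket would presumably still be opened with the daemon's own privileges. I would fail closed before the `create()` call when `user` is unset, or confirm that the builder rejects that case. A short comment above the call, such as `/* connect to the agent as the configured user so that another user's socket path is not accepted */`, would record why the argument is there. The body of add_auth_cfg_cert starts and ends outside the hunk.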