From: Joe Orton Date: Thu, 4 Jun 2026 07:52:10 +0000 (+0000) Subject: fix: V-004 security vulnerability X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=85d1cb9a337d90884c07549093cf5381d86f3316;p=thirdparty%2Fapache%2Fhttpd.git fix: V-004 security vulnerability Automated security fix generated by OrbisAI Security fix: the ctauditscts script constructs a command str... in ctauditscts The ctauditscts script constructs a command string and passes it to os Submitted by: orbisai0security Github: closes #664 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1934967 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/support/ctauditscts b/support/ctauditscts
index 6f4c12d12d..44ebc5553b 100755
--- a/support/ctauditscts
+++ b/support/ctauditscts
@@ -20,6 +20,7 @@ import os
 import sqlite3
 import ssl
 import struct
+import subprocess
 import sys
 import tempfile
@@ -111,7 +112,7 @@ def audit(fn, tmp, already_checked, cur):
 already_checked[key] = True
- log_url_arg = ''
+ log_url = None
 if cur:
 stmt = 'SELECT * FROM loginfo WHERE log_id = ?'
 cur.execute(stmt, [log_id_hex])
@@ -122,14 +123,15 @@ def audit(fn, tmp, already_checked, cur):
 # verify_single_proof doesn't accept ://
 if '://' in log_url:
 log_url = log_url.split('://')[1]
- log_url_arg = '--log_url %s' % log_url
 print ' Log URL: ' + log_url
- cmd = 'verify_single_proof.py --cert %s --timestamp %s %s' % \
- (tmp_leaf_pem[1], timestamp_ms, log_url_arg)
- print '>%s<' % cmd
- os.system(cmd)
+ cmd = ['verify_single_proof.py', '--cert', tmp_leaf_pem[1],
+ '--timestamp', str(timestamp_ms)]
+ if log_url:
+ cmd += ['--log_url', log_url]
+ print '>%s<' % ' '.join(cmd)
+ subprocess.call(cmd)
 os.unlink(tmp_leaf_pem[1])
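Review bot: `subprocess.call(cmd)` raises OSError when verify_single_proof.py cannot be found or executed, where `os.system(cmd)` only returned a non-zero status, so the `os.unlink(tmp_leaf_pem[1])` that follows is now skipped on that path and the temporary file is left on disk. Wrapping the call as `try: rc = subprocess.call(cmd)` with the unlink moved into a `finally:` keeps the cleanup unconditional. The exit status is still discarded, so a failed proof verification shows up only in the child's own output; keeping it in `rc` and printing a line when `rc != 0` would make an audit failure explicit. The list form removes shell interpretation of `log_url`, but a value from the loginfo table that begins with `-` would still reach the child as an option rather than a URL, so `if log_url and not log_url.startswith('-'):` is a cheap guard; how the child parses its options is not visible here. audit() starts and ends outside this hunk.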