aboutsummaryrefslogtreecommitdiffstats
path: root/client
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2017-06-29 22:47:24 +0200
committerGuilhem Moulin <guilhem@fripost.org>2017-06-29 22:47:24 +0200
commit3a9a58b9556c4ccd07c10429c040e6c98781fd45 (patch)
tree7058ff1bfebb25d247111428d194a828e1cac253 /client
parentc8e2cd230a90b58b7e962f658fafb2d1306a579d (diff)
parentd93660085ceba3f81631bba4744b23af7984cd9d (diff)
Merge branch 'master' into debian
Diffstat (limited to 'client')
-rwxr-xr-xclient18
1 files changed, 11 insertions, 7 deletions
diff --git a/client b/client
index cd94ed8..333ae3b 100755
--- a/client
+++ b/client
@@ -44,10 +44,13 @@ use warnings;
my $PROTOCOL_VERSION = 1;
-use LWP::UserAgent ();
+use Errno 'EEXIST';
+use Fcntl qw/O_CREAT O_EXCL O_WRONLY/;
+use Digest::SHA qw/sha256 sha256_hex/;
use MIME::Base64 qw/encode_base64 encode_base64url/;
+
+use LWP::UserAgent ();
use JSON ();
-use Digest::SHA qw/sha256 sha256_hex/;
use Config::Tiny ();
@@ -266,18 +269,19 @@ elsif ($COMMAND eq 'new-cert') {
@{request_json_decode($r)->{challenges} // []};
die "Missing 'http-01' challenge in server response" unless defined $challenge;
die "Invalid challenge token ".($challenge->{token} // '')."\n"
+ # ensure we don't write outside the cwd
unless ($challenge->{token} // '') =~ /\A[A-Za-z0-9_\-]+\z/;
my $keyAuthorization = $challenge->{token}.'.'.$JWK_thumbprint;
# serve $keyAuthorization at http://$domain/.well-known/acme-challenge/$challenge->{token}
- if (-e $challenge->{token}) {
- print STDERR "WARNING: File exists: $challenge->{token}\n";
- }
- else {
- open my $fh, '>', $challenge->{token} or die "Can't open $challenge->{token}: $!";
+ if (sysopen(my $fh, $challenge->{token}, O_CREAT|O_EXCL|O_WRONLY, 0644)) {
$fh->print($keyAuthorization);
$fh->close() or die "Can't close: $!";
+ } elsif ($! == EEXIST) {
+ print STDERR "WARNING: File exists: $challenge->{token}\n";
+ } else {
+ die "Can't open $challenge->{token}: $!";
}
$r = acme($challenge->{uri}, {