Merge branch 'trusted-certs-whitelist-sym' into 'master'
Ignore whitelisted files when they are within a symlinked directory

Fixes: https://gitlab.com/gitlab-org/gitlab-ce/issues/20476

Keeping the realpath check allows us to ignore symlinks that point to the cacert, if the user ran c_rehash themselves in the certs directory; the non-realpath version works if the whitelisted file itself is a symlink, or rather, is within a symlinked directory.

See merge request !907
This commit is contained in:
commit
97493919d0
@ -13,6 +13,7 @@ omnibus-gitlab repository.
8.10.4
- Revert Host and X-Forwarded-Host headers in NGINX 9ac08
- Better handle the ssl certs whitelisted files when the directory has been symlinked
8.10.3
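Review bot: The new 8.10.4 entry about the whitelisted SSL cert files carries no reference, while the entry directly above it ends with a short commit id (9ac08). Add the matching reference, or the merge request number (!907), so the fix can be traced from the changelog, and capitalise "ssl" as "SSL" while there.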
@ -458,7 +458,7 @@ class CertificateHelper
def move_existing_certificates
Dir.glob(File.join(@omnibus_certs_dir, "*")) do |file|
case
when !valid?(file),whitelisted_files.include?(File.realpath(file))
when !valid?(file),whitelisted?(file)
next
when is_x509_certificate?(file)
move_certificate(file)
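Review bot: The changed `when !valid?(file),whitelisted?(file)` line depends on evaluation order without saying so. In a `case` with no subject, the comma-separated conditions are an OR tested left to right, so `whitelisted?(file)` runs only after `valid?(file)` has passed; that matters because `whitelisted?` calls `File.realpath`, which raises Errno::ENOENT for a path that does not resolve, such as a dangling symlink. Add a comment stating that the order is deliberate, or make it explicit with a guard such as `next if !valid?(file) || whitelisted?(file)` ahead of the `case`. A space after the comma would also match the usual Ruby style.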
@ -468,6 +468,10 @@ class CertificateHelper
end
end
def whitelisted?(file)
whitelisted_files.include?(file) || whitelisted_files.include?(File.realpath(file))
end
def valid?(file)
exists = File.exists?(file)
FileUtils.rm_f(file) if File.symlink?(file) && !exists
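Review bot: The new `whitelisted?` method has no guard of its own around `File.realpath(file)`, which raises Errno::ENOENT when the path does not resolve; it is safe only because the one caller visible in this diff checks `valid?(file)` first. Document that precondition on the method or rescue the error and return false, so a later caller cannot trip over it. The first comparison, `whitelisted_files.include?(file)`, is an exact string match against the path produced by `Dir.glob(File.join(@omnibus_certs_dir, "*"))`, so it only helps if the whitelist entries are built with the same directory prefix; a spec covering both cases from the commit message (whitelisted file inside a symlinked directory, and a c_rehash symlink pointing at the cacert) would pin down each branch of the `||`.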