CVSROOT: /cvs Module name: src Changes by: flor...@cvs.openbsd.org 2022/05/05 13:51:35
Modified files:
usr.sbin/acme-client: chngproc.c main.c
Log message:
Check that the challenge token which is turned into a filename is
base64url encoded.
We have only the challenge directory unveil(2)'ed so funny business
like ../ will not work, but we shouldn't generate garbage filenames
that someone else might trip over either.
Pointed out and diff by Ali Farzanrad (ali_farzanrad AT riseup.net)
OK beck
