
Commit 8ab43f18 authored by Stephane Glondu's avatar Stephane Glondu

Check public credentials when importing an election

parent 8e96ccde
......@@ -226,6 +226,15 @@ module Make (C : CONFIG) : SITE = struct
failwith "Public keys are invalid.";
if not G.(R.W.election.e_params.e_public_key =~ KG.combine pks) then
failwith "Public keys mismatch with election public key.";
let public_creds = Lwt_io.lines_of_file f.f_public_creds in
lwt () = Lwt_stream.(
clone public_creds |>
iter_s (fun x ->
if not G.(check @@ of_string x) then (
Lwt.fail @@ Failure "Public credentials are invalid."
) else return ()
)
) in
let module R = struct
let discard () = Lwt_mutex.unlock registration_mutex
let register () =
......@@ -246,7 +255,7 @@ module Make (C : CONFIG) : SITE = struct
Printf.sprintf "Injecting credentials for %s" uuid
)
in
Lwt_io.lines_of_file f.f_public_creds |>
public_creds |>
Lwt_stream.iter_s W.B.inject_cred >>
W.B.update_files () >>
Ocsipersist.add election_ptable uuid (raw_election, web_params) >>
......
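Review bot: In the first hunk, `G.(check @@ of_string x)` parses each line of the imported credentials file before checking it, so a line that `of_string` cannot parse would presumably raise from the parser rather than reach the "Public credentials are invalid." failure; `G.of_string` is not visible here, so this needs confirming. If it can raise, fold parse errors into the same rejection, e.g. `let ok = try G.(check @@ of_string x) with Invalid_argument _ | Failure _ -> false in` (adjusted to the exceptions it actually raises), so every malformed import is refused with the one message. The `clone` also deserves a comment such as `(* validate a clone so the lines injected below are exactly the ones checked, from a single read of the file *)`, since a later edit that reopens the file for injection would reintroduce a gap between what is checked and what is stored. The enclosing function starts and ends outside the visible hunks.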