From 4f7969b562dee953c311f0d28b49ad2cf4ade2cf Mon Sep 17 00:00:00 2001
From: Koichiro IWAO
Date: Wed, 8 Mar 2017 22:42:41 +0900
Subject: [PATCH] Check certificate/privkey readability not existence to fail RDP security negotiation if certificate/privkey is not readable
---
 libxrdp/xrdp_iso.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/libxrdp/xrdp_iso.c b/libxrdp/xrdp_iso.c
index 7cff94a3..469025cc 100644
--- a/libxrdp/xrdp_iso.c
+++ b/libxrdp/xrdp_iso.c
@@ -78,12 +78,12 @@ xrdp_iso_negotiate_security(struct xrdp_iso *self)
 case PROTOCOL_SSL:
 if (self->requestedProtocol & PROTOCOL_SSL)
 {
-
- if(!g_file_exist(client_info->certificate) ||
- !g_file_exist(client_info->key_file))
+ if (!g_file_readable(client_info->certificate) ||
+ !g_file_readable(client_info->key_file))
 {
- /* certificate file doesn't exist */
- LLOGLN(0, ("xrdp_iso_negotiate_security: TLS certificate not found on server"));
+ /* certificate or privkey is not readable */
+ log_message(LOG_LEVEL_DEBUG, "No readable certificates or "
+ "private keys, cannot accept TLS connections");
 self->failureCode = SSL_CERT_NOT_ON_SERVER;
 rv = 1; /* error */
 }
@@ -102,8 +102,8 @@ xrdp_iso_negotiate_security(struct xrdp_iso *self)
 case PROTOCOL_HYBRID_EX:
 default:
 if ((self->requestedProtocol & PROTOCOL_SSL) &&
- g_file_exist(client_info->certificate) &&
- g_file_exist(client_info->key_file))
+ g_file_readable(client_info->certificate) &&
+ g_file_readable(client_info->key_file))
 {
 /* that's a patch since we don't support CredSSP for now */
 self->selectedProtocol = PROTOCOL_SSL;
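Review bot: The failure in the `case PROTOCOL_SSL:` branch is now reported at `LOG_LEVEL_DEBUG`, whereas the removed line used `LLOGLN(0, ...)`. At an ordinary log level an operator would then see clients refused with SSL_CERT_NOT_ON_SERVER and nothing in the log explaining why. An unreadable private key is a server misconfiguration (typically wrong ownership or mode on the key file), so I would raise the level and name the files, e.g. `log_message(LOG_LEVEL_ERROR, "TLS certificate %s or private key %s is not readable", client_info->certificate, client_info->key_file);`. The body of xrdp_iso_negotiate_security starts and ends outside this hunk.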
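Review bot: In the `default:` branch an unreadable certificate or key makes the `&&` condition false with no log line at all, and what is selected instead lies outside this hunk; if that path falls back to something weaker than TLS, the downgrade is silent. I would add a warning there, e.g. `log_message(LOG_LEVEL_WARNING, "TLS requested but certificate/key not readable, TLS not selected");`. Separately, `g_file_readable()` is only a check at negotiation time, so the code that later loads the key must still handle a failed open. If the helper is built on access(2) it tests the real rather than the effective user id, which is worth confirming against how the process drops privileges.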