Implement warning thresholds for OpenPGP

This patch fixes https://bugs.cacert.org/view.php?id=1530 by adding the same
warning threshold behaviour for OpenPGP signing requests that exists for
X.509 signing requests.

The warning threshold has been moved to a variable. The SQL statements are
created using an sprintf statement to avoid potential SQL injections that may
get introduced by setting the warning_threshold variable to an invalid value.

Fixes #1530
Jan Dittberner 2021-06-20 19:21:04 +02:00 committed by Jan Dittberner
parent efe24df995
commit de3cf38c5d


@ -40,6 +40,9 @@ my $paranoid=1;
my $debug=0;
# number of attempts before giving up
my $warn_threshold = 3;
#my $serialport="/dev/ttyS0";
my $serialport="/dev/ttyUSB0";
@ -734,7 +737,9 @@ sub HandleCerts($$)
SysLog "HandleCerts $table\n";
my $sth = $dbh->prepare("select * from $table where crt_name='' and csr_name!='' and warning<3");
my $sth = $dbh->prepare(sprintf(
"select * from %s where crt_name='' and csr_name!='' and warning<%d", $table, $warn_threshold
));
$sth->execute();
#$rowdata;
while ( my $rowdata = $sth->fetchrow_hashref() )
@ -904,7 +909,7 @@ sub HandleCerts($$)
else
{
SysLog("Could not find the issued certificate. $crtname ".$row{"id"}."\n");
$dbh->do("update `$table` set warning=warning+1 where `id`='".$row{'id'}."'");
$dbh->do(sprintf("update %s set warning=warning+1 where id=%d", $table, $row{'id'}));
}
}
}
@ -1078,7 +1083,9 @@ sub sendRevokeMail()
sub HandleGPG()
{
my $sth = $dbh->prepare("select * from gpg where crt='' and csr!='' ");
my $sth = $dbh->prepare(sprintf(
"select * from gpg where crt='' and csr!='' and warning<%d", $warn_threshold
));
$sth->execute();
my $rowdata;
while ( $rowdata = $sth->fetchrow_hashref() )
@ -1144,7 +1151,7 @@ sub HandleGPG()
sendmail($user{email}, "[CAcert.org] Your GPG/PGP Key", $body, "support\@cacert.org", "", "", "CAcert Support");
} else {
SysLog("Could not find the issued gpg key. ".$row{"id"}."\n");
#$dbh->do("delete from `gpg` where `id`='".$row{'id'}."'");
$dbh->do(sprintf("update gpg set warning=warning+1 where id=%d", $row{'id'}));
}
}
}
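Review bot: The new `sprintf` calls in HandleCerts and HandleGPG still build the SQL as a string: `%d` only coerces `$warn_threshold` and `$row{'id'}` to integers, while `$table` goes in through `%s` unquoted, and the update in HandleCerts drops the backticks the old statement had around it. Bound placeholders would keep the values out of the statement text, e.g. `my $sth = $dbh->prepare("select * from gpg where crt='' and csr!='' and warning<?"); $sth->execute($warn_threshold);` and `$dbh->do("update gpg set warning=warning+1 where id=?", undef, $row{'id'});`. A table name cannot be bound, so it should be checked against the fixed set of names the callers pass (not visible in these hunks) or passed through `$dbh->quote_identifier($table)`. Also, `%d` turns a non-numeric id into 0, so a malformed row would make the update match nothing without any error. Both function bodies continue outside the hunks shown.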