e26ec4c cert-revoke: fix permission check bypass (CVE-2016-5404)

1 file Authored by ftweedal 7 years ago, Committed by jcholast 7 years ago,
    cert-revoke: fix permission check bypass (CVE-2016-5404)
    
    The 'cert_revoke' command checks the 'revoke certificate'
    permission, however, if an ACIError is raised, it then invokes the
    'cert_show' command.  The rationale was to re-use a "host manages
    certificate" check that is part of the 'cert_show' command, however,
    it is sufficient that 'cert_show' executes successfully for
    'cert_revoke' to recover from the ACIError and continue.  Therefore,
    anyone with 'retrieve certificate' permission can revoke *any*
    certificate and cause various kinds of DoS.
    
    Fix the problem by extracting the "host manages certificate" check
    to its own method and explicitly calling it from 'cert_revoke'.
    
    Fixes: https://fedorahosted.org/freeipa/ticket/6232
    Reviewed-By: Jan Cholasta <jcholast@redhat.com>
    
        
file modified
+30 -17
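
The flaw described in the commit message, as an added example that is not FreeIPA's code and not part of this commit: a small constructed model in which the flawed revoke path treats any successful 'cert_show' as authorization, beside a version that calls the "host manages certificate" check directly. All function names, principals, serials and the permission table are hypothetical, and the behaviour of cert_show here is an assumption made for the model.

```python
# Constructed model of the logic flaw; names are hypothetical, not FreeIPA's API.
class ACIError(Exception):
    """Raised when the caller is not authorized."""

# Constructed sample data: permissions per principal, and which host
# principals manage which certificate serial.
PERMISSIONS = {
    "helpdesk": {"retrieve certificate"},
    "ca-admin": {"retrieve certificate", "revoke certificate"},
    "host/web1": set(),
}
MANAGED_BY = {1001: {"host/web1"}, 1002: set()}

def check_permission(principal, perm):
    if perm not in PERMISSIONS.get(principal, set()):
        raise ACIError(f"{principal} lacks '{perm}'")

def check_host_manages(principal, serial):
    if principal not in MANAGED_BY.get(serial, set()):
        raise ACIError(f"{principal} does not manage certificate {serial}")

def cert_show(principal, serial):
    # Assumed for this model: show succeeds with 'retrieve certificate'
    # OR when the caller is a host that manages the certificate.
    try:
        check_permission(principal, "retrieve certificate")
    except ACIError:
        check_host_manages(principal, serial)
    return {"serial": serial}

def cert_revoke_flawed(principal, serial):
    try:
        check_permission(principal, "revoke certificate")
    except ACIError:
        # Any successful show clears the error, including the
        # 'retrieve certificate' path that has nothing to do with revocation.
        cert_show(principal, serial)
    return "revoked"

def cert_revoke_fixed(principal, serial):
    try:
        check_permission(principal, "revoke certificate")
    except ACIError:
        # Only the intended fallback: the caller must manage this certificate.
        check_host_manages(principal, serial)
    return "revoked"

def allowed(revoke, principal, serial):
    """Return True if the given revoke implementation authorizes the call."""
    try:
        return revoke(principal, serial) == "revoked"
    except ACIError:
        return False
```

A regression test for this class of bug asserts the negative case: a principal holding only 'retrieve certificate' must be refused by the revoke path.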