From 5df45ecd4e8083c450013ad3432943cc4c2ed25e Mon Sep 17 00:00:00 2001
From: Alexis Christoforides
Date: Thu, 10 Apr 2014 15:00:10 -0400
Subject: [PATCH] [Security] Added check for failed chmod on "keypairs" directory creation

This is to help detect issues where the directory is later found to be not locked down.
---
 .../KeyPairPersistence.cs | 20 ++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/mcs/class/Mono.Security/Mono.Security.Cryptography/KeyPairPersistence.cs b/mcs/class/Mono.Security/Mono.Security.Cryptography/KeyPairPersistence.cs
index 0615770aaf5..f07db9ec101 100644
--- a/mcs/class/Mono.Security/Mono.Security.Cryptography/KeyPairPersistence.cs
+++ b/mcs/class/Mono.Security/Mono.Security.Cryptography/KeyPairPersistence.cs
@@ -215,14 +215,19 @@ namespace Mono.Security.Cryptography {
 _userPathExists = Directory.Exists (_userPath);
 if (!_userPathExists) {
 try {
- Directory.CreateDirectory (_userPath);
- ProtectUser (_userPath);
- _userPathExists = true;
+ Directory.CreateDirectory (_userPath);
 }
 catch (Exception e) {
 string msg = Locale.GetText ("Could not create user key store '{0}'.");
 throw new CryptographicException (String.Format (msg, _userPath), e);
 }
+
+ if (!ProtectUser (_userPath)) {
+ string msg = Locale.GetText ("Could not secure user key store '{0}'.");
+ throw new IOException (String.Format (msg, _userPath));
+ }
+
+ _userPathExists = true;
 }
 }
 }
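Review bot: When `ProtectUser` fails, the directory that was just created stays on disk, so the next call finds `Directory.Exists (_userPath)` true, skips the whole `if (!_userPathExists)` block and never re-runs the permission check. The failure is therefore reported once and the unprotected store is used silently afterwards. Consider a best-effort `Directory.Delete (_userPath);` before the throw (non-recursive, so a directory that already holds keys is left alone), or re-checking protection whenever the directory already exists. The same applies to the `ProtectMachine` branch in the second hunk, where the store is presumably shared by all users of the machine. The enclosing member starts outside this hunk.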
@@ -248,13 +253,18 @@ namespace Mono.Security.Cryptography {
 if (!_machinePathExists) {
 try {
 Directory.CreateDirectory (_machinePath);
- ProtectMachine (_machinePath);
- _machinePathExists = true;
 }
 catch (Exception e) {
 string msg = Locale.GetText ("Could not create machine key store '{0}'.");
 throw new CryptographicException (String.Format (msg, _machinePath), e);
 }
+
+ if (!ProtectMachine (_machinePath)) {
+ string msg = Locale.GetText ("Could not secure machine key store '{0}'.");
+ throw new IOException (String.Format (msg, _machinePath));
+ }
+
+ _machinePathExists = true;
 }
 }
 }
-- 
2.25.1
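Review bot: The new failure path throws `IOException`, while the creation failure just above it throws `CryptographicException`, so a caller that handles key-store errors by catching `CryptographicException` will not see a failed lock-down. Unless callers are meant to tell the two apart, `throw new CryptographicException (String.Format (msg, _machinePath));` keeps the contract uniform. The same applies to the `ProtectUser` branch in the first hunk. Either way, the thrown type deserves a line in the member's documentation, which lies outside this hunk.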