Bugzilla – Attachment 1049 Details for Bug 1138: Passphrase asked for (but ignored) if key file permissions too liberal.
[patch] Check perms on key files and bail early if bad
openssh-bug1138.patch (text/plain), 2.04 KB, created by Darren Tucker on 2005-12-20 23:56:50 AEDT
>Index: authfile.c >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/authfile.c,v >retrieving revision 1.60 >diff -u -p -r1.60 authfile.c >--- authfile.c 17 Jun 2005 02:59:35 -0000 1.60 >+++ authfile.c 20 Dec 2005 12:36:19 -0000 >@@ -507,7 +507,7 @@ key_load_private_pem(int fd, int type, c > return prv; > } > >-static int >+int > key_perm_ok(int fd, const char *filename) > { > struct stat st; >Index: authfile.h >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/authfile.h,v >retrieving revision 1.8 >diff -u -p -r1.8 authfile.h >--- authfile.h 6 Jun 2002 19:57:34 -0000 1.8 >+++ authfile.h 20 Dec 2005 12:36:59 -0000 >@@ -21,5 +21,6 @@ Key *key_load_public_type(int, const cha > Key *key_load_private(const char *, const char *, char **); > Key *key_load_private_type(int, const char *, const char *, char **); > Key *key_load_private_pem(int, int, const char *, char **); >+int key_perm_ok(int, const char *); > > #endif >Index: ssh-add.c >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/ssh-add.c,v >retrieving revision 1.81 >diff -u -p -r1.81 ssh-add.c >--- ssh-add.c 22 Nov 2005 08:37:09 -0000 1.81 >+++ ssh-add.c 20 Dec 2005 12:52:33 -0000 
>@@ -124,16 +124,25 @@ delete_all(AuthenticationConnection *ac) > static int > add_file(AuthenticationConnection *ac, const char *filename) > { >- struct stat st; > Key *private; > char *comment = NULL; > char msg[1024]; >- int ret = -1; >+ int fd, perms_ok, ret = -1; > >- if (stat(filename, &st) < 0) { >+ if ((fd = open(filename, 0)) < 0) { > perror(filename); > return -1; > } >+ >+ /* >+ * Since we'll try to load a keyfile multiple times, permission errors >+ * will occur multiple times, so check perms first and bail if wrong. >+ */ >+ perms_ok = key_perm_ok(fd, filename); >+ close(fd); >+ if (!perms_ok) >+ return -1; >+ > /* At first, try empty passphrase */ > private = key_load_private(filename, "", &comment); > if (comment == NULL)
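Review bot: Dropping `static` from key_perm_ok() in authfile.c exports the function without any comment describing its return convention, and the new caller in ssh-add.c depends on that convention (`if (!perms_ok) return -1;`, so nonzero means the permissions are acceptable). Add a short comment above the definition or next to the new authfile.h prototype stating what the return value means and whether the function reports the problem to the user itself, because add_file() returns -1 on this path without printing anything of its own.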
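Review bot: In add_file() in ssh-add.c, `open(filename, 0)` passes a bare 0 as the flags argument; write it as O_RDONLY so the access mode is explicit and does not rely on the constant's numeric value. Separately, the descriptor is closed right after key_perm_ok() and key_load_private(filename, "", &comment) then opens the file again by name, so the early check and the later load are not guaranteed to see the same file. The added comment implies the loaders repeat the permission check, which is what makes this safe; it would help to say in that comment that this early check only exists to avoid the repeated passphrase prompt and is not the enforcement point.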
Flags: djm: ok+