Attachment #1517 for bug #1471

View | Details | Raw Unified | Return to bug 1471
Collapse All | Expand All

Lines 17-22 Link Here

(-)auth-rhosts.c (-3 / +21 lines)
17	#include <sys/types.h>	17	#include <sys/types.h>
18	#include <sys/stat.h>	18	#include <sys/stat.h>
19		19
		20	#include <fcntl.h>
20	#include <netgroup.h>	21	#include <netgroup.h>
21	#include <pwd.h>	22	#include <pwd.h>
22	#include <stdio.h>	23	#include <stdio.h>
Lines 33-38 Link Here
33	#include "key.h"	34	#include "key.h"
34	#include "hostfile.h"	35	#include "hostfile.h"
35	#include "auth.h"	36	#include "auth.h"
		37	#include "misc.h"
36		38
37	/* import */	39	/* import */
38	extern ServerOptions options;	40	extern ServerOptions options;
Lines 51-62 check_rhosts_file(const char *filename, Link Here
51	{	53	{
52	FILE *f;	54	FILE *f;
53	char buf[1024]; /* Must not be larger than host, user, dummy below. */	55	char buf[1024]; /* Must not be larger than host, user, dummy below. */
		56	int fd;
		57	struct stat st;
54		58
55	/* Open the .rhosts file, deny if unreadable */	59	/* Open the .rhosts file, deny if unreadable */
56	f = fopen(filename, "r");	60	if ((fd = open(filename, O_RDONLY\|O_NONBLOCK)) == -1)
57	if (!f)
58	return 0;	61	return 0;
59		62	if (fstat(fd, &st) == -1) {
		63	close(fd);
		64	return 0;
		65	}
		66	if (!S_ISREG(st.st_mode)) {
		67	logit("User %s hosts file %s is not a regular file",
		68	server_user, filename);
		69	close(fd);
		70	restore_uid();
		71	return 0;
		72	}
		73	unset_nonblock(fd);
		74	if ((f = fdopen(fd, "r")) == NULL) {
		75	close(fd);
		76	return 0;
		77	}
60	while (fgets(buf, sizeof(buf), f)) {	78	while (fgets(buf, sizeof(buf), f)) {
61	/* All three must be at least as big as buf to avoid overflows. */	79	/* All three must be at least as big as buf to avoid overflows. */
62	char hostbuf[1024], userbuf[1024], dummy[1024], host, user, *cp;	80	char hostbuf[1024], userbuf[1024], dummy[1024], host, user, *cp;

Lines 27-32 Link Here

(-)auth2-pubkey.c (-8 / +22 lines)
27	#include <sys/types.h>	27	#include <sys/types.h>
28	#include <sys/stat.h>	28	#include <sys/stat.h>
29		29
		30	#include <fcntl.h>
30	#include <pwd.h>	31	#include <pwd.h>
31	#include <stdio.h>	32	#include <stdio.h>
32	#include <stdarg.h>	33	#include <stdarg.h>
Lines 175-181 static int Link Here
175	user_key_allowed2(struct passwd pw, Key key, char *file)	176	user_key_allowed2(struct passwd pw, Key key, char *file)
176	{	177	{
177	char line[SSH_MAX_PUBKEY_BYTES];	178	char line[SSH_MAX_PUBKEY_BYTES];
178	int found_key = 0;	179	int found_key = 0, fd;
179	FILE *f;	180	FILE *f;
180	u_long linenum = 0;	181	u_long linenum = 0;
181	struct stat st;	182	struct stat st;
Lines 187-202 user_key_allowed2(struct passwd *pw, Key Link Here
187		188
188	debug("trying public key file %s", file);	189	debug("trying public key file %s", file);
189		190
190	/* Fail quietly if file does not exist */	191	/*
191	if (stat(file, &st) < 0) {	192	* Open the file containing the authorized keys
192	/* Restore the privileged uid. */	193	* Fail quietly if file does not exist
		194	*/
		195	if ((fd = open(file, O_RDONLY\|O_NONBLOCK)) == -1) {
193	restore_uid();	196	restore_uid();
194	return 0;	197	return 0;
195	}	198	}
196	/* Open the file containing the authorized keys. */	199	if (fstat(fd, &st) < 0) {
197	f = fopen(file, "r");	200	close(fd);
198	if (!f) {	201	restore_uid();
199	/* Restore the privileged uid. */	202	return 0;
		203	}
		204	if (!S_ISREG(st.st_mode)) {
		205	logit("User %s authorized keys %s is not a regular file",
		206	pw->pw_name, file);
		207	close(fd);
		208	restore_uid();
		209	return 0;
		210	}
		211	unset_nonblock(fd);
		212	if ((f = fdopen(fd, "r")) == NULL) {
		213	close(fd);
200	restore_uid();	214	restore_uid();
201	return 0;	215	return 0;
202	}	216	}

Return to bug 1471