diff options
| author | Damien Miller <djm@mindrot.org> | 2005-02-16 13:02:45 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2005-02-16 13:02:45 +1100 |
| commit | ed462d9a4557a400266c43d13fd6fa0ec8c7d9ea (patch) | |
| tree | 3fff6ff14fa9a83cd1fab9f493cd3d4690bbae1e | |
| parent | 66df70c97d189fb8bdf35a66b42f62bcc0a6e4da (diff) | |
write seed to temporary file and atomically rename into place; ok dtucker@
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | ssh-rand-helper.c | 38 |
2 files changed, 34 insertions, 10 deletions
| @@ -1,3 +1,7 @@ | |||
| 1 | 20050216 | ||
| 2 | - (djm) write seed to temporary file and atomically rename into place; | ||
| 3 | ok dtucker@ | ||
| 4 | |||
| 1 | 20050215 | 5 | 20050215 |
| 2 | - (dtucker) [config.sh.in] Collect oslevel -r too. | 6 | - (dtucker) [config.sh.in] Collect oslevel -r too. |
| 3 | - (dtucker) [README.platform auth.c configure.ac loginrec.c | 7 | - (dtucker) [README.platform auth.c configure.ac loginrec.c |
| @@ -2131,4 +2135,4 @@ | |||
| 2131 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 2135 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
| 2132 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 2136 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
| 2133 | 2137 | ||
| 2134 | $Id: ChangeLog,v 1.3653 2005/02/15 11:19:28 dtucker Exp $ | 2138 | $Id: ChangeLog,v 1.3654 2005/02/16 02:02:45 djm Exp $ |
diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index 7cd081fab..6412d44e2 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c | |||
| @@ -39,7 +39,7 @@ | |||
| 39 | #include "pathnames.h" | 39 | #include "pathnames.h" |
| 40 | #include "log.h" | 40 | #include "log.h" |
| 41 | 41 | ||
| 42 | RCSID("$Id: ssh-rand-helper.c,v 1.20 2004/12/20 01:05:08 dtucker Exp $"); | 42 | RCSID("$Id: ssh-rand-helper.c,v 1.21 2005/02/16 02:02:45 djm Exp $"); |
| 43 | 43 | ||
| 44 | /* Number of bytes we write out */ | 44 | /* Number of bytes we write out */ |
| 45 | #define OUTPUT_SEED_SIZE 48 | 45 | #define OUTPUT_SEED_SIZE 48 |
| @@ -550,10 +550,11 @@ prng_check_seedfile(char *filename) | |||
| 550 | void | 550 | void |
| 551 | prng_write_seedfile(void) | 551 | prng_write_seedfile(void) |
| 552 | { | 552 | { |
| 553 | int fd; | 553 | int fd, save_errno; |
| 554 | unsigned char seed[SEED_FILE_SIZE]; | 554 | unsigned char seed[SEED_FILE_SIZE]; |
| 555 | char filename[MAXPATHLEN]; | 555 | char filename[MAXPATHLEN], tmpseed[MAXPATHLEN]; |
| 556 | struct passwd *pw; | 556 | struct passwd *pw; |
| 557 | mode_t old_umask; | ||
| 557 | 558 | ||
| 558 | pw = getpwuid(getuid()); | 559 | pw = getpwuid(getuid()); |
| 559 | if (pw == NULL) | 560 | if (pw == NULL) |
| @@ -568,7 +569,10 @@ prng_write_seedfile(void) | |||
| 568 | snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, | 569 | snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, |
| 569 | SSH_PRNG_SEED_FILE); | 570 | SSH_PRNG_SEED_FILE); |
| 570 | 571 | ||
| 571 | debug("writing PRNG seed to file %.100s", filename); | 572 | strlcpy(tmpseed, filename, sizeof(tmpseed)); |
| 573 | if (strlcat(tmpseed, ".XXXXXXXXXX", sizeof(tmpseed)) >= | ||
| 574 | sizeof(tmpseed)) | ||
| 575 | fatal("PRNG seed filename too long"); | ||
| 572 | 576 | ||
| 573 | if (RAND_bytes(seed, sizeof(seed)) <= 0) | 577 | if (RAND_bytes(seed, sizeof(seed)) <= 0) |
| 574 | fatal("PRNG seed extraction failed"); | 578 | fatal("PRNG seed extraction failed"); |
| @@ -576,15 +580,31 @@ prng_write_seedfile(void) | |||
| 576 | /* Don't care if the seed doesn't exist */ | 580 | /* Don't care if the seed doesn't exist */ |
| 577 | prng_check_seedfile(filename); | 581 | prng_check_seedfile(filename); |
| 578 | 582 | ||
| 579 | if ((fd = open(filename, O_WRONLY|O_TRUNC|O_CREAT, 0600)) == -1) { | 583 | old_umask = umask(0177); |
| 580 | debug("WARNING: couldn't access PRNG seedfile %.100s " | 584 | |
| 581 | "(%.100s)", filename, strerror(errno)); | 585 | if ((fd = mkstemp(tmpseed)) == -1) { |
| 586 | debug("WARNING: couldn't make temporary PRNG seedfile %.100s " | ||
| 587 | "(%.100s)", tmpseed, strerror(errno)); | ||
| 582 | } else { | 588 | } else { |
| 583 | if (atomicio(vwrite, fd, &seed, sizeof(seed)) < sizeof(seed)) | 589 | debug("writing PRNG seed to file %.100s", tmpseed); |
| 590 | if (atomicio(vwrite, fd, &seed, sizeof(seed)) < sizeof(seed)) { | ||
| 591 | save_errno = errno; | ||
| 592 | close(fd); | ||
| 593 | unlink(tmpseed); | ||
| 584 | fatal("problem writing PRNG seedfile %.100s " | 594 | fatal("problem writing PRNG seedfile %.100s " |
| 585 | "(%.100s)", filename, strerror(errno)); | 595 | "(%.100s)", filename, strerror(save_errno)); |
| 596 | } | ||
| 586 | close(fd); | 597 | close(fd); |
| 598 | debug("moving temporary PRNG seed to file %.100s", filename); | ||
| 599 | if (rename(tmpseed, filename) == -1) { | ||
| 600 | save_errno = errno; | ||
| 601 | unlink(tmpseed); | ||
| 602 | fatal("problem renaming PRNG seedfile from %.100s " | ||
| 603 | "to %.100s (%.100s)", tmpseed, filename, | ||
| 604 | strerror(save_errno)); | ||
| 605 | } | ||
| 587 | } | 606 | } |
| 607 | umask(old_umask); | ||
| 588 | } | 608 | } |
| 589 | 609 | ||
| 590 | void | 610 | void |