diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2008-06-13 14:51:28 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2008-06-13 14:51:28 +1000 |
| commit | 06db584e9de9d904a09300f09feed7f82026d241 (patch) | |
| tree | bc1fbff35a49da3ceabd0637ae18265e15e4fa80 /auth-rhosts.c | |
| parent | 7517b5bd3155a4e29beb6168129a60f022ea9e9f (diff) | |
- djm@cvs.openbsd.org 2008/06/13 04:40:22
[auth2-pubkey.c auth-rhosts.c]
refuse to read ~/.shosts or ~/.ssh/authorized_keys that are not
regular files; report from Solar Designer via Colin Watson in bz#1471
ok dtucker@ deraadt@
Diffstat (limited to 'auth-rhosts.c')
| -rw-r--r-- | auth-rhosts.c | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/auth-rhosts.c b/auth-rhosts.c index cd0a7967a..bbddfb6df 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth-rhosts.c,v 1.41 2006/08/03 03:34:41 deraadt Exp $ */ | 1 | /* $OpenBSD: auth-rhosts.c,v 1.42 2008/06/13 04:40:22 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -26,6 +26,7 @@ | |||
| 26 | #include <stdio.h> | 26 | #include <stdio.h> |
| 27 | #include <string.h> | 27 | #include <string.h> |
| 28 | #include <stdarg.h> | 28 | #include <stdarg.h> |
| 29 | #include <fcntl.h> | ||
| 29 | 30 | ||
| 30 | #include "packet.h" | 31 | #include "packet.h" |
| 31 | #include "buffer.h" | 32 | #include "buffer.h" |
| @@ -37,6 +38,7 @@ | |||
| 37 | #include "key.h" | 38 | #include "key.h" |
| 38 | #include "hostfile.h" | 39 | #include "hostfile.h" |
| 39 | #include "auth.h" | 40 | #include "auth.h" |
| 41 | #include "misc.h" | ||
| 40 | 42 | ||
| 41 | /* import */ | 43 | /* import */ |
| 42 | extern ServerOptions options; | 44 | extern ServerOptions options; |
| @@ -55,12 +57,27 @@ check_rhosts_file(const char *filename, const char *hostname, | |||
| 55 | { | 57 | { |
| 56 | FILE *f; | 58 | FILE *f; |
| 57 | char buf[1024]; /* Must not be larger than host, user, dummy below. */ | 59 | char buf[1024]; /* Must not be larger than host, user, dummy below. */ |
| 60 | int fd; | ||
| 61 | struct stat st; | ||
| 58 | 62 | ||
| 59 | /* Open the .rhosts file, deny if unreadable */ | 63 | /* Open the .rhosts file, deny if unreadable */ |
| 60 | f = fopen(filename, "r"); | 64 | if ((fd = open(filename, O_RDONLY|O_NONBLOCK)) == -1) |
| 61 | if (!f) | ||
| 62 | return 0; | 65 | return 0; |
| 63 | 66 | if (fstat(fd, &st) == -1) { | |
| 67 | close(fd); | ||
| 68 | return 0; | ||
| 69 | } | ||
| 70 | if (!S_ISREG(st.st_mode)) { | ||
| 71 | logit("User %s hosts file %s is not a regular file", | ||
| 72 | server_user, filename); | ||
| 73 | close(fd); | ||
| 74 | return 0; | ||
| 75 | } | ||
| 76 | unset_nonblock(fd); | ||
| 77 | if ((f = fdopen(fd, "r")) == NULL) { | ||
| 78 | close(fd); | ||
| 79 | return 0; | ||
| 80 | } | ||
| 64 | while (fgets(buf, sizeof(buf), f)) { | 81 | while (fgets(buf, sizeof(buf), f)) { |
| 65 | /* All three must be at least as big as buf to avoid overflows. */ | 82 | /* All three must be at least as big as buf to avoid overflows. */ |
| 66 | char hostbuf[1024], userbuf[1024], dummy[1024], *host, *user, *cp; | 83 | char hostbuf[1024], userbuf[1024], dummy[1024], *host, *user, *cp; |