diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2008-06-13 14:51:28 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2008-06-13 14:51:28 +1000 |
| commit | 06db584e9de9d904a09300f09feed7f82026d241 (patch) | |
| tree | bc1fbff35a49da3ceabd0637ae18265e15e4fa80 /auth2-pubkey.c | |
| parent | 7517b5bd3155a4e29beb6168129a60f022ea9e9f (diff) | |
- djm@cvs.openbsd.org 2008/06/13 04:40:22
[auth2-pubkey.c auth-rhosts.c]
refuse to read ~/.shosts or ~/.ssh/authorized_keys that are not
regular files; report from Solar Designer via Colin Watson in bz#1471
ok dtucker@ deraadt@
Diffstat (limited to 'auth2-pubkey.c')
| -rw-r--r-- | auth2-pubkey.c | 32 |
1 files changed, 23 insertions, 9 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 9863cd9e6..7f7ddd8cf 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth2-pubkey.c,v 1.15 2006/08/03 03:34:41 deraadt Exp $ */ | 1 | /* $OpenBSD: auth2-pubkey.c,v 1.16 2008/06/13 04:40:22 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -28,6 +28,7 @@ | |||
| 28 | #include <sys/types.h> | 28 | #include <sys/types.h> |
| 29 | #include <sys/stat.h> | 29 | #include <sys/stat.h> |
| 30 | 30 | ||
| 31 | #include <fcntl.h> | ||
| 31 | #include <pwd.h> | 32 | #include <pwd.h> |
| 32 | #include <stdio.h> | 33 | #include <stdio.h> |
| 33 | #include <stdarg.h> | 34 | #include <stdarg.h> |
| @@ -180,7 +181,7 @@ static int | |||
| 180 | user_key_allowed2(struct passwd *pw, Key *key, char *file) | 181 | user_key_allowed2(struct passwd *pw, Key *key, char *file) |
| 181 | { | 182 | { |
| 182 | char line[SSH_MAX_PUBKEY_BYTES]; | 183 | char line[SSH_MAX_PUBKEY_BYTES]; |
| 183 | int found_key = 0; | 184 | int found_key = 0, fd; |
| 184 | FILE *f; | 185 | FILE *f; |
| 185 | u_long linenum = 0; | 186 | u_long linenum = 0; |
| 186 | struct stat st; | 187 | struct stat st; |
| @@ -192,16 +193,29 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file) | |||
| 192 | 193 | ||
| 193 | debug("trying public key file %s", file); | 194 | debug("trying public key file %s", file); |
| 194 | 195 | ||
| 195 | /* Fail quietly if file does not exist */ | 196 | /* |
| 196 | if (stat(file, &st) < 0) { | 197 | * Open the file containing the authorized keys |
| 197 | /* Restore the privileged uid. */ | 198 | * Fail quietly if file does not exist |
| 199 | */ | ||
| 200 | if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) { | ||
| 198 | restore_uid(); | 201 | restore_uid(); |
| 199 | return 0; | 202 | return 0; |
| 200 | } | 203 | } |
| 201 | /* Open the file containing the authorized keys. */ | 204 | if (fstat(fd, &st) < 0) { |
| 202 | f = fopen(file, "r"); | 205 | close(fd); |
| 203 | if (!f) { | 206 | restore_uid(); |
| 204 | /* Restore the privileged uid. */ | 207 | return 0; |
| 208 | } | ||
| 209 | if (!S_ISREG(st.st_mode)) { | ||
| 210 | logit("User %s authorized keys %s is not a regular file", | ||
| 211 | pw->pw_name, file); | ||
| 212 | close(fd); | ||
| 213 | restore_uid(); | ||
| 214 | return 0; | ||
| 215 | } | ||
| 216 | unset_nonblock(fd); | ||
| 217 | if ((f = fdopen(fd, "r")) == NULL) { | ||
| 218 | close(fd); | ||
| 205 | restore_uid(); | 219 | restore_uid(); |
| 206 | return 0; | 220 | return 0; |
| 207 | } | 221 | } |