diff options
author | Darren Tucker <dtucker@zip.com.au> | 2008-06-13 14:51:28 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2008-06-13 14:51:28 +1000 |
commit | 06db584e9de9d904a09300f09feed7f82026d241 (patch) | |
tree | bc1fbff35a49da3ceabd0637ae18265e15e4fa80 /auth2-pubkey.c | |
parent | 7517b5bd3155a4e29beb6168129a60f022ea9e9f (diff) |
- djm@cvs.openbsd.org 2008/06/13 04:40:22
[auth2-pubkey.c auth-rhosts.c]
refuse to read ~/.shosts or ~/.ssh/authorized_keys that are not
regular files; report from Solar Designer via Colin Watson in bz#1471
ok dtucker@ deraadt@
Diffstat (limited to 'auth2-pubkey.c')
-rw-r--r-- | auth2-pubkey.c | 32 |
1 files changed, 23 insertions, 9 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 9863cd9e6..7f7ddd8cf 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2-pubkey.c,v 1.15 2006/08/03 03:34:41 deraadt Exp $ */ | 1 | /* $OpenBSD: auth2-pubkey.c,v 1.16 2008/06/13 04:40:22 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -28,6 +28,7 @@ | |||
28 | #include <sys/types.h> | 28 | #include <sys/types.h> |
29 | #include <sys/stat.h> | 29 | #include <sys/stat.h> |
30 | 30 | ||
31 | #include <fcntl.h> | ||
31 | #include <pwd.h> | 32 | #include <pwd.h> |
32 | #include <stdio.h> | 33 | #include <stdio.h> |
33 | #include <stdarg.h> | 34 | #include <stdarg.h> |
@@ -180,7 +181,7 @@ static int | |||
180 | user_key_allowed2(struct passwd *pw, Key *key, char *file) | 181 | user_key_allowed2(struct passwd *pw, Key *key, char *file) |
181 | { | 182 | { |
182 | char line[SSH_MAX_PUBKEY_BYTES]; | 183 | char line[SSH_MAX_PUBKEY_BYTES]; |
183 | int found_key = 0; | 184 | int found_key = 0, fd; |
184 | FILE *f; | 185 | FILE *f; |
185 | u_long linenum = 0; | 186 | u_long linenum = 0; |
186 | struct stat st; | 187 | struct stat st; |
@@ -192,16 +193,29 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file) | |||
192 | 193 | ||
193 | debug("trying public key file %s", file); | 194 | debug("trying public key file %s", file); |
194 | 195 | ||
195 | /* Fail quietly if file does not exist */ | 196 | /* |
196 | if (stat(file, &st) < 0) { | 197 | * Open the file containing the authorized keys |
197 | /* Restore the privileged uid. */ | 198 | * Fail quietly if file does not exist |
199 | */ | ||
200 | if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) { | ||
198 | restore_uid(); | 201 | restore_uid(); |
199 | return 0; | 202 | return 0; |
200 | } | 203 | } |
201 | /* Open the file containing the authorized keys. */ | 204 | if (fstat(fd, &st) < 0) { |
202 | f = fopen(file, "r"); | 205 | close(fd); |
203 | if (!f) { | 206 | restore_uid(); |
204 | /* Restore the privileged uid. */ | 207 | return 0; |
208 | } | ||
209 | if (!S_ISREG(st.st_mode)) { | ||
210 | logit("User %s authorized keys %s is not a regular file", | ||
211 | pw->pw_name, file); | ||
212 | close(fd); | ||
213 | restore_uid(); | ||
214 | return 0; | ||
215 | } | ||
216 | unset_nonblock(fd); | ||
217 | if ((f = fdopen(fd, "r")) == NULL) { | ||
218 | close(fd); | ||
205 | restore_uid(); | 219 | restore_uid(); |
206 | return 0; | 220 | return 0; |
207 | } | 221 | } |