Import openssh_8.2p1.orig.tar.gz

author: Colin Watson <cjwatson@debian.org> 2020-02-21 11:57:14 +0000
committer: Colin Watson <cjwatson@debian.org> 2020-02-21 11:57:14 +0000
commit: f0de78bd4f29fa688c5df116f3f9cd43543a76d0 (patch)
tree: 856b0dee3f2764c13a32dad5ffe2424fab7fef41 /authfile.c
parent: 4213eec74e74de6310c27a40c3e9759a08a73996 (diff)
parent: 8aa3455b16fddea4c0144a7c4a1edb10ec67dcc8 (diff)
1 files changed, 40 insertions, 68 deletions
diff --git a/authfile.c b/authfile.c
index 37341189c..20b66d9bd 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.135 2019/09/03 08:30:47 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.137 2020/01/25 23:02:13 djm Exp $ */
 /*
 * Copyright (c) 2000, 2013 Markus Friedl.  All rights reserved.
 *
@@ -55,20 +55,13 @@
 static int
 sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename)
 {
-        int fd, oerrno;
+        int r;
+        mode_t omask;
-        if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) == -1)
+        omask = umask(077);
-                return SSH_ERR_SYSTEM_ERROR;
+        r = sshbuf_write_file(filename, keybuf);
-        if (atomicio(vwrite, fd, sshbuf_mutable_ptr(keybuf),
+        umask(omask);
-            sshbuf_len(keybuf)) != sshbuf_len(keybuf)) {
+        return r;
-                oerrno = errno;
-                close(fd);
-                unlink(filename);
-                errno = oerrno;
-                return SSH_ERR_SYSTEM_ERROR;
-        }
-        close(fd);
-        return 0;
 }
 int
@@ -92,49 +85,6 @@ sshkey_save_private(struct sshkey *key, const char *filename,
        return r;
 }
-/* Load a key from a fd into a buffer */
-int
-sshkey_load_file(int fd, struct sshbuf *blob)
-{
-        u_char buf[1024];
-        size_t len;
-        struct stat st;
-        int r;
-        if (fstat(fd, &st) == -1)
-                return SSH_ERR_SYSTEM_ERROR;
-        if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
-            st.st_size > MAX_KEY_FILE_SIZE)
-                return SSH_ERR_INVALID_FORMAT;
-        for (;;) {
-                if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
-                        if (errno == EPIPE)
-                                break;
-                        r = SSH_ERR_SYSTEM_ERROR;
-                        goto out;
-                }
-                if ((r = sshbuf_put(blob, buf, len)) != 0)
-                        goto out;
-                if (sshbuf_len(blob) > MAX_KEY_FILE_SIZE) {
-                        r = SSH_ERR_INVALID_FORMAT;
-                        goto out;
-                }
-        }
-        if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
-            st.st_size != (off_t)sshbuf_len(blob)) {
-                r = SSH_ERR_FILE_CHANGED;
-                goto out;
-        }
-        r = 0;
- out:
-        explicit_bzero(buf, sizeof(buf));
-        if (r != 0)
-                sshbuf_reset(blob);
-        return r;
-}
 /* XXX remove error() calls from here? */
 int
 sshkey_perm_ok(int fd, const char *filename)
@@ -199,11 +149,7 @@ sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
        if (keyp != NULL)
                *keyp = NULL;
-        if ((buffer = sshbuf_new()) == NULL) {
+        if ((r = sshbuf_load_fd(fd, &buffer)) != 0 ||
-                r = SSH_ERR_ALLOC_FAIL;
-                goto out;
-        }
-        if ((r = sshkey_load_file(fd, buffer)) != 0 ||
            (r = sshkey_parse_private_fileblob_type(buffer, type,
            passphrase, keyp, commentp)) != 0)
                goto out;
@@ -234,12 +180,7 @@ sshkey_load_private(const char *filename, const char *passphrase,
                r = SSH_ERR_KEY_BAD_PERMISSIONS;
                goto out;
        }
+        if ((r = sshbuf_load_fd(fd, &buffer)) != 0 ||
-        if ((buffer = sshbuf_new()) == NULL) {
-                r = SSH_ERR_ALLOC_FAIL;
-                goto out;
-        }
-        if ((r = sshkey_load_file(fd, buffer)) != 0 ||
            (r = sshkey_parse_private_fileblob(buffer, passphrase, keyp,
            commentp)) != 0)
                goto out;
@@ -550,3 +491,34 @@ sshkey_advance_past_options(char **cpp)
        return (*cp == '\0' && quoted) ? -1 : 0;
 }
+/* Save a public key */
+int
+sshkey_save_public(const struct sshkey *key, const char *path,
+    const char *comment)
+{
+        int fd, oerrno;
+        FILE *f = NULL;
+        int r = SSH_ERR_INTERNAL_ERROR;
+        if ((fd = open(path, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
+                return SSH_ERR_SYSTEM_ERROR;
+        if ((f = fdopen(fd, "w")) == NULL) {
+                r = SSH_ERR_SYSTEM_ERROR;
+                goto fail;
+        }
+        if ((r = sshkey_write(key, f)) != 0)
+                goto fail;
+        fprintf(f, " %s\n", comment);
+        if (ferror(f) || fclose(f) != 0) {
+                r = SSH_ERR_SYSTEM_ERROR;
+ fail:
+                oerrno = errno;
+                if (f != NULL)
+                        fclose(f);
+                else
+                        close(fd);
+                errno = oerrno;
+                return r;
+        }
+        return 0;
+}
author	Colin Watson <cjwatson@debian.org>	2020-02-21 11:57:14 +0000
committer	Colin Watson <cjwatson@debian.org>	2020-02-21 11:57:14 +0000
commit	f0de78bd4f29fa688c5df116f3f9cd43543a76d0 (patch)
tree	856b0dee3f2764c13a32dad5ffe2424fab7fef41 /authfile.c
parent	4213eec74e74de6310c27a40c3e9759a08a73996 (diff)
parent	8aa3455b16fddea4c0144a7c4a1edb10ec67dcc8 (diff)

diff --git a/authfile.c b/authfile.c index 37341189c..20b66d9bd 100644 --- a/authfile.c +++ b/authfile.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: authfile.c,v 1.135 2019/09/03 08:30:47 djm Exp $ */	1	/* $OpenBSD: authfile.c,v 1.137 2020/01/25 23:02:13 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
4	*	4	*
@@ -55,20 +55,13 @@
55	static int	55	static int
56	sshkey_save_private_blob(struct sshbuf keybuf, const char filename)	56	sshkey_save_private_blob(struct sshbuf keybuf, const char filename)
57	{	57	{
58	int fd, oerrno;	58	int r;
		59	mode_t omask;
59		60
60	if ((fd = open(filename, O_WRONLY \| O_CREAT \| O_TRUNC, 0600)) == -1)	61	omask = umask(077);
61	return SSH_ERR_SYSTEM_ERROR;	62	r = sshbuf_write_file(filename, keybuf);
62	if (atomicio(vwrite, fd, sshbuf_mutable_ptr(keybuf),	63	umask(omask);
63	sshbuf_len(keybuf)) != sshbuf_len(keybuf)) {	64	return r;
64	oerrno = errno;
65	close(fd);
66	unlink(filename);
67	errno = oerrno;
68	return SSH_ERR_SYSTEM_ERROR;
69	}
70	close(fd);
71	return 0;
72	}	65	}
73		66
74	int	67	int
@@ -92,49 +85,6 @@ sshkey_save_private(struct sshkey key, const char filename,
92	return r;	85	return r;
93	}	86	}
94		87
95	/* Load a key from a fd into a buffer */
96	int
97	sshkey_load_file(int fd, struct sshbuf *blob)
98	{
99	u_char buf[1024];
100	size_t len;
101	struct stat st;
102	int r;
103
104	if (fstat(fd, &st) == -1)
105	return SSH_ERR_SYSTEM_ERROR;
106	if ((st.st_mode & (S_IFSOCK\|S_IFCHR\|S_IFIFO)) == 0 &&
107	st.st_size > MAX_KEY_FILE_SIZE)
108	return SSH_ERR_INVALID_FORMAT;
109	for (;;) {
110	if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
111	if (errno == EPIPE)
112	break;
113	r = SSH_ERR_SYSTEM_ERROR;
114	goto out;
115	}
116	if ((r = sshbuf_put(blob, buf, len)) != 0)
117	goto out;
118	if (sshbuf_len(blob) > MAX_KEY_FILE_SIZE) {
119	r = SSH_ERR_INVALID_FORMAT;
120	goto out;
121	}
122	}
123	if ((st.st_mode & (S_IFSOCK\|S_IFCHR\|S_IFIFO)) == 0 &&
124	st.st_size != (off_t)sshbuf_len(blob)) {
125	r = SSH_ERR_FILE_CHANGED;
126	goto out;
127	}
128	r = 0;
129
130	out:
131	explicit_bzero(buf, sizeof(buf));
132	if (r != 0)
133	sshbuf_reset(blob);
134	return r;
135	}
136
137
138	/* XXX remove error() calls from here? */	88	/* XXX remove error() calls from here? */
139	int	89	int
140	sshkey_perm_ok(int fd, const char *filename)	90	sshkey_perm_ok(int fd, const char *filename)
@@ -199,11 +149,7 @@ sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
199		149
200	if (keyp != NULL)	150	if (keyp != NULL)
201	*keyp = NULL;	151	*keyp = NULL;
202	if ((buffer = sshbuf_new()) == NULL) {	152	if ((r = sshbuf_load_fd(fd, &buffer)) != 0 \|\|
203	r = SSH_ERR_ALLOC_FAIL;
204	goto out;
205	}
206	if ((r = sshkey_load_file(fd, buffer)) != 0 \|\|
207	(r = sshkey_parse_private_fileblob_type(buffer, type,	153	(r = sshkey_parse_private_fileblob_type(buffer, type,
208	passphrase, keyp, commentp)) != 0)	154	passphrase, keyp, commentp)) != 0)
209	goto out;	155	goto out;
@@ -234,12 +180,7 @@ sshkey_load_private(const char filename, const char passphrase,
234	r = SSH_ERR_KEY_BAD_PERMISSIONS;	180	r = SSH_ERR_KEY_BAD_PERMISSIONS;
235	goto out;	181	goto out;
236	}	182	}
237		183	if ((r = sshbuf_load_fd(fd, &buffer)) != 0 \|\|
238	if ((buffer = sshbuf_new()) == NULL) {
239	r = SSH_ERR_ALLOC_FAIL;
240	goto out;
241	}
242	if ((r = sshkey_load_file(fd, buffer)) != 0 \|\|
243	(r = sshkey_parse_private_fileblob(buffer, passphrase, keyp,	184	(r = sshkey_parse_private_fileblob(buffer, passphrase, keyp,
244	commentp)) != 0)	185	commentp)) != 0)
245	goto out;	186	goto out;
@@ -550,3 +491,34 @@ sshkey_advance_past_options(char **cpp)
550	return (*cp == '\0' && quoted) ? -1 : 0;	491	return (*cp == '\0' && quoted) ? -1 : 0;
551	}	492	}
552		493
		494	/* Save a public key */
		495	int
		496	sshkey_save_public(const struct sshkey key, const char path,
		497	const char *comment)
		498	{
		499	int fd, oerrno;
		500	FILE *f = NULL;
		501	int r = SSH_ERR_INTERNAL_ERROR;
		502
		503	if ((fd = open(path, O_WRONLY\|O_CREAT\|O_TRUNC, 0644)) == -1)
		504	return SSH_ERR_SYSTEM_ERROR;
		505	if ((f = fdopen(fd, "w")) == NULL) {
		506	r = SSH_ERR_SYSTEM_ERROR;
		507	goto fail;
		508	}
		509	if ((r = sshkey_write(key, f)) != 0)
		510	goto fail;
		511	fprintf(f, " %s\n", comment);
		512	if (ferror(f) \|\| fclose(f) != 0) {
		513	r = SSH_ERR_SYSTEM_ERROR;
		514	fail:
		515	oerrno = errno;
		516	if (f != NULL)
		517	fclose(f);
		518	else
		519	close(fd);
		520	errno = oerrno;
		521	return r;
		522	}
		523	return 0;
		524	}