author | Colin Watson <cjwatson@debian.org> | 2020-02-21 11:57:14 +0000 |
committer | Colin Watson <cjwatson@debian.org> | 2020-02-21 11:57:14 +0000 |
commit | f0de78bd4f29fa688c5df116f3f9cd43543a76d0 (patch) | |
tree | 856b0dee3f2764c13a32dad5ffe2424fab7fef41 /authfile.c | |
parent | 4213eec74e74de6310c27a40c3e9759a08a73996 (diff) | |
parent | 8aa3455b16fddea4c0144a7c4a1edb10ec67dcc8 (diff) |
Import openssh_8.2p1.orig.tar.gz
Diffstat (limited to 'authfile.c')
-rw-r--r-- | authfile.c | 108 |
1 files changed, 40 insertions, 68 deletions
diff --git a/authfile.c b/authfile.c index 37341189c..20b66d9bd 100644 --- a/authfile.c +++ b/authfile.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: authfile.c,v 1.135 2019/09/03 08:30:47 djm Exp $ */ | 1 | /* $OpenBSD: authfile.c,v 1.137 2020/01/25 23:02:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -55,20 +55,13 @@ | |||
55 | static int | 55 | static int |
56 | sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename) | 56 | sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename) |
57 | { | 57 | { |
58 | int fd, oerrno; | 58 | int r; |
59 | mode_t omask; | ||
59 | 60 | ||
60 | if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) == -1) | 61 | omask = umask(077); |
61 | return SSH_ERR_SYSTEM_ERROR; | 62 | r = sshbuf_write_file(filename, keybuf); |
62 | if (atomicio(vwrite, fd, sshbuf_mutable_ptr(keybuf), | 63 | umask(omask); |
63 | sshbuf_len(keybuf)) != sshbuf_len(keybuf)) { | 64 | return r; |
64 | oerrno = errno; | ||
65 | close(fd); | ||
66 | unlink(filename); | ||
67 | errno = oerrno; | ||
68 | return SSH_ERR_SYSTEM_ERROR; | ||
69 | } | ||
70 | close(fd); | ||
71 | return 0; | ||
72 | } | 65 | } |
73 | 66 | ||
74 | int | 67 | int |
@@ -92,49 +85,6 @@ sshkey_save_private(struct sshkey *key, const char *filename, | |||
92 | return r; | 85 | return r; |
93 | } | 86 | } |
94 | 87 | ||
95 | /* Load a key from a fd into a buffer */ | ||
96 | int | ||
97 | sshkey_load_file(int fd, struct sshbuf *blob) | ||
98 | { | ||
99 | u_char buf[1024]; | ||
100 | size_t len; | ||
101 | struct stat st; | ||
102 | int r; | ||
103 | |||
104 | if (fstat(fd, &st) == -1) | ||
105 | return SSH_ERR_SYSTEM_ERROR; | ||
106 | if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && | ||
107 | st.st_size > MAX_KEY_FILE_SIZE) | ||
108 | return SSH_ERR_INVALID_FORMAT; | ||
109 | for (;;) { | ||
110 | if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) { | ||
111 | if (errno == EPIPE) | ||
112 | break; | ||
113 | r = SSH_ERR_SYSTEM_ERROR; | ||
114 | goto out; | ||
115 | } | ||
116 | if ((r = sshbuf_put(blob, buf, len)) != 0) | ||
117 | goto out; | ||
118 | if (sshbuf_len(blob) > MAX_KEY_FILE_SIZE) { | ||
119 | r = SSH_ERR_INVALID_FORMAT; | ||
120 | goto out; | ||
121 | } | ||
122 | } | ||
123 | if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && | ||
124 | st.st_size != (off_t)sshbuf_len(blob)) { | ||
125 | r = SSH_ERR_FILE_CHANGED; | ||
126 | goto out; | ||
127 | } | ||
128 | r = 0; | ||
129 | |||
130 | out: | ||
131 | explicit_bzero(buf, sizeof(buf)); | ||
132 | if (r != 0) | ||
133 | sshbuf_reset(blob); | ||
134 | return r; | ||
135 | } | ||
136 | |||
137 | |||
138 | /* XXX remove error() calls from here? */ | 88 | /* XXX remove error() calls from here? */ |
139 | int | 89 | int |
140 | sshkey_perm_ok(int fd, const char *filename) | 90 | sshkey_perm_ok(int fd, const char *filename) |
@@ -199,11 +149,7 @@ sshkey_load_private_type_fd(int fd, int type, const char *passphrase, | |||
199 | 149 | ||
200 | if (keyp != NULL) | 150 | if (keyp != NULL) |
201 | *keyp = NULL; | 151 | *keyp = NULL; |
202 | if ((buffer = sshbuf_new()) == NULL) { | 152 | if ((r = sshbuf_load_fd(fd, &buffer)) != 0 || |
203 | r = SSH_ERR_ALLOC_FAIL; | ||
204 | goto out; | ||
205 | } | ||
206 | if ((r = sshkey_load_file(fd, buffer)) != 0 || | ||
207 | (r = sshkey_parse_private_fileblob_type(buffer, type, | 153 | (r = sshkey_parse_private_fileblob_type(buffer, type, |
208 | passphrase, keyp, commentp)) != 0) | 154 | passphrase, keyp, commentp)) != 0) |
209 | goto out; | 155 | goto out; |
@@ -234,12 +180,7 @@ sshkey_load_private(const char *filename, const char *passphrase, | |||
234 | r = SSH_ERR_KEY_BAD_PERMISSIONS; | 180 | r = SSH_ERR_KEY_BAD_PERMISSIONS; |
235 | goto out; | 181 | goto out; |
236 | } | 182 | } |
237 | 183 | if ((r = sshbuf_load_fd(fd, &buffer)) != 0 || | |
238 | if ((buffer = sshbuf_new()) == NULL) { | ||
239 | r = SSH_ERR_ALLOC_FAIL; | ||
240 | goto out; | ||
241 | } | ||
242 | if ((r = sshkey_load_file(fd, buffer)) != 0 || | ||
243 | (r = sshkey_parse_private_fileblob(buffer, passphrase, keyp, | 184 | (r = sshkey_parse_private_fileblob(buffer, passphrase, keyp, |
244 | commentp)) != 0) | 185 | commentp)) != 0) |
245 | goto out; | 186 | goto out; |
@@ -550,3 +491,34 @@ sshkey_advance_past_options(char **cpp) | |||
550 | return (*cp == '\0' && quoted) ? -1 : 0; | 491 | return (*cp == '\0' && quoted) ? -1 : 0; |
551 | } | 492 | } |
552 | 493 | ||
494 | /* Save a public key */ | ||
495 | int | ||
496 | sshkey_save_public(const struct sshkey *key, const char *path, | ||
497 | const char *comment) | ||
498 | { | ||
499 | int fd, oerrno; | ||
500 | FILE *f = NULL; | ||
501 | int r = SSH_ERR_INTERNAL_ERROR; | ||
502 | |||
503 | if ((fd = open(path, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1) | ||
504 | return SSH_ERR_SYSTEM_ERROR; | ||
505 | if ((f = fdopen(fd, "w")) == NULL) { | ||
506 | r = SSH_ERR_SYSTEM_ERROR; | ||
507 | goto fail; | ||
508 | } | ||
509 | if ((r = sshkey_write(key, f)) != 0) | ||
510 | goto fail; | ||
511 | fprintf(f, " %s\n", comment); | ||
512 | if (ferror(f) || fclose(f) != 0) { | ||
513 | r = SSH_ERR_SYSTEM_ERROR; | ||
514 | fail: | ||
515 | oerrno = errno; | ||
516 | if (f != NULL) | ||
517 | fclose(f); | ||
518 | else | ||
519 | close(fd); | ||
520 | errno = oerrno; | ||
521 | return r; | ||
522 | } | ||
523 | return 0; | ||
524 | } | ||
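Review bot: In sshkey_save_public the condition `ferror(f) || fclose(f) != 0` can enter the `fail:` path after fclose() has already failed, and the cleanup then calls fclose(f) a second time because f is still non-NULL; fclose() disassociates the stream even when it reports an error, so the second call is undefined behaviour. Checking ferror() and fclose() separately avoids the double close and leaves the fdopen()-failure cleanup (where only the fd needs closing) unchanged. `fprintf(f, " %s\n", comment)` also hands comment straight to %s; whether any caller can pass NULL is not visible in this hunk, so either a guard or a documented non-NULL precondition would be worth adding. Placing the `fail:` label inside the if body is legal but unusual; moving it after the success return reads more conventionally.
```c
	/* … unchanged: open(), fdopen(), sshkey_write() … */
	fprintf(f, " %s\n", comment);
	if (ferror(f)) {
		r = SSH_ERR_SYSTEM_ERROR;
		goto fail;
	}
	if (fclose(f) != 0) {
		/* fclose() released the stream even on failure: must not close it again */
		return SSH_ERR_SYSTEM_ERROR;
	}
	return 0;
 fail:
	oerrno = errno;
	if (f != NULL)
		fclose(f);
	else
		close(fd);
	errno = oerrno;
	return r;
}
```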