diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2017-03-15 02:25:09 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2017-03-15 13:34:20 +1100 |
| commit | 25f837646be8c2017c914d34be71ca435dfc0e07 (patch) | |
| tree | 4310dd6e718f40635390f337e3a4a2640f5c4436 /ssh-agent.c | |
| parent | a8c5eeacf032a7d3408957e45dd7603cc1baf55f (diff) | |
upstream commit
fix regression in 7.4: deletion of PKCS#11-hosted keys
would fail unless they were specified by full physical pathname. Report and
fix from Jakub Jelen via bz#2682; ok dtucker@
Upstream-ID: 5b5bc20ca11cacb5d5eb29c3f93fd18425552268
Diffstat (limited to 'ssh-agent.c')
| -rw-r--r-- | ssh-agent.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/ssh-agent.c b/ssh-agent.c index 1320cdaa1..72d538e7c 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-agent.c,v 1.216 2017/01/04 02:21:43 djm Exp $ */ | 1 | /* $OpenBSD: ssh-agent.c,v 1.217 2017/03/15 02:25:09 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -821,7 +821,7 @@ send: | |||
| 821 | static void | 821 | static void |
| 822 | process_remove_smartcard_key(SocketEntry *e) | 822 | process_remove_smartcard_key(SocketEntry *e) |
| 823 | { | 823 | { |
| 824 | char *provider = NULL, *pin = NULL; | 824 | char *provider = NULL, *pin = NULL, canonical_provider[PATH_MAX]; |
| 825 | int r, version, success = 0; | 825 | int r, version, success = 0; |
| 826 | Identity *id, *nxt; | 826 | Identity *id, *nxt; |
| 827 | Idtab *tab; | 827 | Idtab *tab; |
| @@ -831,6 +831,13 @@ process_remove_smartcard_key(SocketEntry *e) | |||
| 831 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 831 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 832 | free(pin); | 832 | free(pin); |
| 833 | 833 | ||
| 834 | if (realpath(provider, canonical_provider) == NULL) { | ||
| 835 | verbose("failed PKCS#11 add of \"%.100s\": realpath: %s", | ||
| 836 | provider, strerror(errno)); | ||
| 837 | goto send; | ||
| 838 | } | ||
| 839 | |||
| 840 | debug("%s: remove %.100s", __func__, canonical_provider); | ||
| 834 | for (version = 1; version < 3; version++) { | 841 | for (version = 1; version < 3; version++) { |
| 835 | tab = idtab_lookup(version); | 842 | tab = idtab_lookup(version); |
| 836 | for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) { | 843 | for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) { |
| @@ -838,14 +845,14 @@ process_remove_smartcard_key(SocketEntry *e) | |||
| 838 | /* Skip file--based keys */ | 845 | /* Skip file--based keys */ |
| 839 | if (id->provider == NULL) | 846 | if (id->provider == NULL) |
| 840 | continue; | 847 | continue; |
| 841 | if (!strcmp(provider, id->provider)) { | 848 | if (!strcmp(canonical_provider, id->provider)) { |
| 842 | TAILQ_REMOVE(&tab->idlist, id, next); | 849 | TAILQ_REMOVE(&tab->idlist, id, next); |
| 843 | free_identity(id); | 850 | free_identity(id); |
| 844 | tab->nentries--; | 851 | tab->nentries--; |
| 845 | } | 852 | } |
| 846 | } | 853 | } |
| 847 | } | 854 | } |
| 848 | if (pkcs11_del_provider(provider) == 0) | 855 | if (pkcs11_del_provider(canonical_provider) == 0) |
| 849 | success = 1; | 856 | success = 1; |
| 850 | else | 857 | else |
| 851 | error("process_remove_smartcard_key:" | 858 | error("process_remove_smartcard_key:" |