upstream commit

pledge, better fatal() messages; feedback deraadt@

Upstream-ID: 3e00f6ccfe2b9a7a2d1dbba5409586180801488f

1 files changed, 16 insertions, 7 deletions

diff --git a/ssh-keysign.c b/ssh-keysign.c
index 1dca3e289..4c99609b2 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.49 2015/07/03 03:56:25 djm Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.50 2015/11/29 22:18:37 djm Exp $ */
 /*
  * Copyright (c) 2002 Markus Friedl.  All rights reserved.
  *
@@ -34,6 +34,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <errno.h>
 
 #ifdef WITH_OPENSSL
 #include <openssl/evp.h>
@@ -59,6 +60,8 @@
 
 struct ssh *active_state = NULL; /* XXX needed for linking */
 
+extern char *__progname;
+
 /* XXX readconf.c needs these */
 uid_t original_real_uid;
 
@@ -179,6 +182,9 @@ main(int argc, char **argv)
         u_int32_t rnd[256];
 #endif
 
+        if (pledge("stdio rpath getpw dns id", NULL) != 0)
+                fatal("%s: pledge: %s", __progname, strerror(errno));
+
         /* Ensure that stdin and stdout are connected */
         if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2)
                 exit(1);
@@ -245,23 +251,26 @@ main(int argc, char **argv)
         if (!found)
                 fatal("no hostkey found");
 
+        if (pledge("stdio dns", NULL) != 0)
+                fatal("%s: pledge: %s", __progname, strerror(errno));
+
         if ((b = sshbuf_new()) == NULL)
-                fatal("%s: sshbuf_new failed", __func__);
+                fatal("%s: sshbuf_new failed", __progname);
         if (ssh_msg_recv(STDIN_FILENO, b) < 0)
                 fatal("ssh_msg_recv failed");
         if ((r = sshbuf_get_u8(b, &rver)) != 0)
-                fatal("%s: buffer error: %s", __func__, ssh_err(r));
+                fatal("%s: buffer error: %s", __progname, ssh_err(r));
         if (rver != version)
                 fatal("bad version: received %d, expected %d", rver, version);
         if ((r = sshbuf_get_u32(b, (u_int *)&fd)) != 0)
-                fatal("%s: buffer error: %s", __func__, ssh_err(r));
+                fatal("%s: buffer error: %s", __progname, ssh_err(r));
         if (fd < 0 || fd == STDIN_FILENO || fd == STDOUT_FILENO)
                 fatal("bad fd");
         if ((host = get_local_name(fd)) == NULL)
                 fatal("cannot get local name for fd");
 
         if ((r = sshbuf_get_string(b, &data, &dlen)) != 0)
-                fatal("%s: buffer error: %s", __func__, ssh_err(r));
+                fatal("%s: buffer error: %s", __progname, ssh_err(r));
         if (valid_request(pw, host, &key, data, dlen) < 0)
                 fatal("not a valid request");
         free(host);
@@ -277,7 +286,7 @@ main(int argc, char **argv)
         if (!found) {
                 if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
                     SSH_FP_DEFAULT)) == NULL)
-                        fatal("%s: sshkey_fingerprint failed", __func__);
+                        fatal("%s: sshkey_fingerprint failed", __progname);
                 fatal("no matching hostkey found for key %s %s",
                     sshkey_type(key), fp ? fp : "");
         }
@@ -289,7 +298,7 @@ main(int argc, char **argv)
         /* send reply */
         sshbuf_reset(b);
         if ((r = sshbuf_put_string(b, signature, slen)) != 0)
-                fatal("%s: buffer error: %s", __func__, ssh_err(r));
+                fatal("%s: buffer error: %s", __progname, ssh_err(r));
         if (ssh_msg_send(STDOUT_FILENO, version, b) == -1)
                 fatal("ssh_msg_send failed");