summaryrefslogtreecommitdiff
path: root/authfile.c
diff options
context:
space:
mode:
Diffstat (limited to 'authfile.c')
-rw-r--r--authfile.c16
1 files changed, 2 insertions, 14 deletions
diff --git a/authfile.c b/authfile.c
index af4190eeb..3481e0b04 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: authfile.c,v 1.125 2017/05/30 08:49:32 markus Exp $ */ 1/* $OpenBSD: authfile.c,v 1.126 2017/05/31 09:15:42 deraadt Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
4 * 4 *
@@ -100,25 +100,13 @@ sshkey_load_file(int fd, struct sshbuf *blob)
100 u_char buf[1024]; 100 u_char buf[1024];
101 size_t len; 101 size_t len;
102 struct stat st; 102 struct stat st;
103 int r, dontmax = 0; 103 int r;
104 104
105 if (fstat(fd, &st) < 0) 105 if (fstat(fd, &st) < 0)
106 return SSH_ERR_SYSTEM_ERROR; 106 return SSH_ERR_SYSTEM_ERROR;
107 if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && 107 if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
108 st.st_size > MAX_KEY_FILE_SIZE) 108 st.st_size > MAX_KEY_FILE_SIZE)
109 return SSH_ERR_INVALID_FORMAT; 109 return SSH_ERR_INVALID_FORMAT;
110 /*
111 * Pre-allocate the buffer used for the key contents and clamp its
112 * maximum size. This ensures that key contents are never leaked via
113 * implicit realloc() in the sshbuf code.
114 */
115 if ((st.st_mode & S_IFREG) == 0 || st.st_size <= 0) {
116 st.st_size = 64*1024; /* 64k ought to be enough for anybody. :) */
117 dontmax = 1;
118 }
119 if ((r = sshbuf_allocate(blob, st.st_size)) != 0 ||
120 (dontmax && (r = sshbuf_set_max_size(blob, st.st_size)) != 0))
121 return r;
122 for (;;) { 110 for (;;) {
123 if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) { 111 if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
124 if (errno == EPIPE) 112 if (errno == EPIPE)