Diffstat (limited to 'ssh-agent.c')
-rw-r--r-- | ssh-agent.c | 18 |
1 files changed, 13 insertions, 5 deletions
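--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.215 2016/11/30 03:07:37 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.218 2017/03/15 03:52:30 deraadt Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -89,7 +89,7 @@
 #endif
 
 #ifndef DEFAULT_PKCS11_WHITELIST
-# define DEFAULT_PKCS11_WHITELIST "/usr/lib/*,/usr/local/lib/*"
+# define DEFAULT_PKCS11_WHITELIST "/usr/lib*/*,/usr/local/lib*/*"
 #endif
 
 typedef enum {
@@ -821,7 +821,7 @@ send:
 static void
 process_remove_smartcard_key(SocketEntry *e)
 {
-char *provider = NULL, *pin = NULL;
+char *provider = NULL, *pin = NULL, canonical_provider[PATH_MAX];
 int r, version, success = 0;
 Identity *id, *nxt;
 Idtab *tab;
@@ -831,6 +831,13 @@ process_remove_smartcard_key(SocketEntry *e)
 fatal("%s: buffer error: %s", __func__, ssh_err(r));
 free(pin);
 
+if (realpath(provider, canonical_provider) == NULL) {
+verbose("failed PKCS#11 add of \"%.100s\": realpath: %s",
+provider, strerror(errno));
+goto send;
+}
+
+debug("%s: remove %.100s", __func__, canonical_provider);
 for (version = 1; version < 3; version++) {
 tab = idtab_lookup(version);
 for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) {
@@ -838,18 +845,19 @@ process_remove_smartcard_key(SocketEntry *e)
 /* Skip file--based keys */
 if (id->provider == NULL)
 continue;
-if (!strcmp(provider, id->provider)) {
+if (!strcmp(canonical_provider, id->provider)) {
 TAILQ_REMOVE(&tab->idlist, id, next);
 free_identity(id);
 tab->nentries--;
 }
 }
 }
-if (pkcs11_del_provider(provider) == 0)
+if (pkcs11_del_provider(canonical_provider) == 0)
 success = 1;
 else
 error("process_remove_smartcard_key:"
 " pkcs11_del_provider failed");
+send:
 free(provider);
 send_status(e, success);
 }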
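Review bot: The `verbose()` call added in process_remove_smartcard_key logs "failed PKCS#11 add of" although this is the remove path, so a failed removal appears in the agent log as a failed add. It should read `verbose("failed PKCS#11 remove of \"%.100s\": realpath: %s",`. The same early `goto send` skips the removal loop with `success` left at 0, so a provider path that no longer resolves (library moved or uninstalled) cannot be used to remove its keys. If that is intended, a comment above the `realpath()` call such as `/* removal requires the provider path to still resolve; stored provider names are canonical */` would record it. The add path is presumably what stores the canonical name, but it is not visible in this diff.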