summaryrefslogtreecommitdiff
path: root/ssh-agent.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssh-agent.c')
-rw-r--r--ssh-agent.c18
1 files changed, 13 insertions, 5 deletions
diff --git a/ssh-agent.c b/ssh-agent.c
index 395213553..b987562b9 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-agent.c,v 1.215 2016/11/30 03:07:37 djm Exp $ */ 1/* $OpenBSD: ssh-agent.c,v 1.218 2017/03/15 03:52:30 deraadt Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -89,7 +89,7 @@
89#endif 89#endif
90 90
91#ifndef DEFAULT_PKCS11_WHITELIST 91#ifndef DEFAULT_PKCS11_WHITELIST
92# define DEFAULT_PKCS11_WHITELIST "/usr/lib/*,/usr/local/lib/*" 92# define DEFAULT_PKCS11_WHITELIST "/usr/lib*/*,/usr/local/lib*/*"
93#endif 93#endif
94 94
95typedef enum { 95typedef enum {
@@ -821,7 +821,7 @@ send:
821static void 821static void
822process_remove_smartcard_key(SocketEntry *e) 822process_remove_smartcard_key(SocketEntry *e)
823{ 823{
824 char *provider = NULL, *pin = NULL; 824 char *provider = NULL, *pin = NULL, canonical_provider[PATH_MAX];
825 int r, version, success = 0; 825 int r, version, success = 0;
826 Identity *id, *nxt; 826 Identity *id, *nxt;
827 Idtab *tab; 827 Idtab *tab;
@@ -831,6 +831,13 @@ process_remove_smartcard_key(SocketEntry *e)
831 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 831 fatal("%s: buffer error: %s", __func__, ssh_err(r));
832 free(pin); 832 free(pin);
833 833
834 if (realpath(provider, canonical_provider) == NULL) {
835 verbose("failed PKCS#11 add of \"%.100s\": realpath: %s",
836 provider, strerror(errno));
837 goto send;
838 }
839
840 debug("%s: remove %.100s", __func__, canonical_provider);
834 for (version = 1; version < 3; version++) { 841 for (version = 1; version < 3; version++) {
835 tab = idtab_lookup(version); 842 tab = idtab_lookup(version);
836 for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) { 843 for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) {
@@ -838,18 +845,19 @@ process_remove_smartcard_key(SocketEntry *e)
838 /* Skip file--based keys */ 845 /* Skip file--based keys */
839 if (id->provider == NULL) 846 if (id->provider == NULL)
840 continue; 847 continue;
841 if (!strcmp(provider, id->provider)) { 848 if (!strcmp(canonical_provider, id->provider)) {
842 TAILQ_REMOVE(&tab->idlist, id, next); 849 TAILQ_REMOVE(&tab->idlist, id, next);
843 free_identity(id); 850 free_identity(id);
844 tab->nentries--; 851 tab->nentries--;
845 } 852 }
846 } 853 }
847 } 854 }
848 if (pkcs11_del_provider(provider) == 0) 855 if (pkcs11_del_provider(canonical_provider) == 0)
849 success = 1; 856 success = 1;
850 else 857 else
851 error("process_remove_smartcard_key:" 858 error("process_remove_smartcard_key:"
852 " pkcs11_del_provider failed"); 859 " pkcs11_del_provider failed");
860send:
853 free(provider); 861 free(provider);
854 send_status(e, success); 862 send_status(e, success);
855} 863}
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-30 00:18:42 +0000