From 452c0b6af5d14c37553e30059bf74456012493f3 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Sun, 29 Nov 2015 22:18:37 +0000 Subject: upstream commit pledge, better fatal() messages; feedback deraadt@ Upstream-ID: 3e00f6ccfe2b9a7a2d1dbba5409586180801488f --- ssh-keysign.c | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) (limited to 'ssh-keysign.c') diff --git a/ssh-keysign.c b/ssh-keysign.c index 1dca3e289..4c99609b2 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.49 2015/07/03 03:56:25 djm Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.50 2015/11/29 22:18:37 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -34,6 +34,7 @@ #include #include #include +#include #ifdef WITH_OPENSSL #include @@ -59,6 +60,8 @@ struct ssh *active_state = NULL; /* XXX needed for linking */ +extern char *__progname; + /* XXX readconf.c needs these */ uid_t original_real_uid; @@ -179,6 +182,9 @@ main(int argc, char **argv) u_int32_t rnd[256]; #endif + if (pledge("stdio rpath getpw dns id", NULL) != 0) + fatal("%s: pledge: %s", __progname, strerror(errno)); + /* Ensure that stdin and stdout are connected */ if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2) exit(1); 
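Review bot: The `pledge("stdio rpath getpw dns id", NULL)` added at the top of `main()` carries no `wpath`, yet the statement right after it opens `_PATH_DEVNULL` with `O_RDWR`. As far as I know OpenBSD's pledge permits opening /dev/null without the path promises, so this probably works, but nothing in the code says so and a violation at that point would abort the process before the descriptor check runs. I would add a comment above the call, for example `/* no wpath: the /dev/null open below is permitted by pledge itself */`, after confirming it against pledge(2). The `extern char *__progname;` from the @@ -59,6 hunk also assumes the C library exports that symbol, which is worth checking for non-OpenBSD builds since the page shows no fallback. `main()` continues outside this hunk.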
@@ -245,23 +251,26 @@ main(int argc, char **argv) if (!found) fatal("no hostkey found"); + if (pledge("stdio dns", NULL) != 0) + fatal("%s: pledge: %s", __progname, strerror(errno)); + if ((b = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal("%s: sshbuf_new failed", __progname); if (ssh_msg_recv(STDIN_FILENO, b) < 0) fatal("ssh_msg_recv failed"); if ((r = sshbuf_get_u8(b, &rver)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal("%s: buffer error: %s", __progname, ssh_err(r)); if (rver != version) fatal("bad version: received %d, expected %d", rver, version); if ((r = sshbuf_get_u32(b, (u_int *)&fd)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal("%s: buffer error: %s", __progname, ssh_err(r)); if (fd < 0 || fd == STDIN_FILENO || fd == STDOUT_FILENO) fatal("bad fd"); if ((host = get_local_name(fd)) == NULL) fatal("cannot get local name for fd"); if ((r = sshbuf_get_string(b, &data, &dlen)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal("%s: buffer error: %s", __progname, ssh_err(r)); if (valid_request(pw, host, &key, data, dlen) < 0) fatal("not a valid request"); free(host); @@ -277,7 +286,7 @@ main(int argc, char **argv) if (!found) { if ((fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) - fatal("%s: sshkey_fingerprint failed", __func__); + fatal("%s: sshkey_fingerprint failed", __progname); fatal("no matching hostkey found for key %s %s", sshkey_type(key), fp ? fp : ""); } @@ -289,7 +298,7 @@ main(int argc, char **argv) /* send reply */ sshbuf_reset(b); if ((r = sshbuf_put_string(b, signature, slen)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal("%s: buffer error: %s", __progname, ssh_err(r)); if (ssh_msg_send(STDOUT_FILENO, version, b) == -1) fatal("ssh_msg_send failed"); -- cgit v1.2.3
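Review bot: The narrowed `pledge("stdio dns", NULL)` in the @@ -245,23 hunk has no comment recording why `dns` survives or that everything below it runs with file access revoked. From the visible lines the remaining work is the request and reply on stdin/stdout plus `get_local_name(fd)`, which presumably performs the lookup, so a comment such as `/* host keys are loaded; only the stdin/stdout exchange and get_local_name() remain */` would warn later editors that any file access added below will trip pledge. Separately, the `fatal()` prefixes are now inconsistent: the buffer-error paths print `__progname`, while `fatal("ssh_msg_recv failed")`, `fatal("bad fd")`, `fatal("not a valid request")` and `fatal("ssh_msg_send failed")` still print none. Giving them the same form, e.g. `fatal("%s: ssh_msg_recv failed", __progname);`, would make every failure attributable to the program. The prefix point also covers the @@ -277,7 and @@ -289,7 hunks, and `main()` starts and ends outside all three.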