X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/4095f6236dbb73d0def07a69071f7b85364cbd1a..17c7855ac84fd32e868a275c778f81dc67b52b1e:/auth-rhosts.c

diff --git a/auth-rhosts.c b/auth-rhosts.c
index 1deeb30b..5c129670 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -1,3 +1,4 @@
+/* $OpenBSD: auth-rhosts.c,v 1.43 2008/06/13 14:18:51 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -14,7 +15,6 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rhosts.c,v 1.35 2006/02/20 17:19:53 stevesk Exp $");
 
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -22,14 +22,24 @@ RCSID("$OpenBSD: auth-rhosts.c,v 1.35 2006/02/20 17:19:53 stevesk Exp $");
 #ifdef HAVE_NETGROUP_H
 # include <netgroup.h>
 #endif
+#include <pwd.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+#include <fcntl.h>
+#include <unistd.h>
 
 #include "packet.h"
+#include "buffer.h"
 #include "uidswap.h"
 #include "pathnames.h"
 #include "log.h"
 #include "servconf.h"
 #include "canohost.h"
+#include "key.h"
+#include "hostfile.h"
 #include "auth.h"
+#include "misc.h"
 
 /* import */
 extern ServerOptions options;
@@ -48,12 +58,27 @@ check_rhosts_file(const char *filename, const char *hostname,
 {
 	FILE *f;
 	char buf[1024];	/* Must not be larger than host, user, dummy below. */
+	int fd;
+	struct stat st;
 
 	/* Open the .rhosts file, deny if unreadable */
-	f = fopen(filename, "r");
-	if (!f)
+	if ((fd = open(filename, O_RDONLY|O_NONBLOCK)) == -1)
 		return 0;
-
+	if (fstat(fd, &st) == -1) {
+		close(fd);
+		return 0;
+	}
+	if (!S_ISREG(st.st_mode)) {
+		logit("User %s hosts file %s is not a regular file",
+		    server_user, filename);
+		close(fd);
+		return 0;
+	}
+	unset_nonblock(fd);
+	if ((f = fdopen(fd, "r")) == NULL) {
+		close(fd);
+		return 0;
+	}
 	while (fgets(buf, sizeof(buf), f)) {
 		/* All three must be at least as big as buf to avoid overflows. */
 		char hostbuf[1024], userbuf[1024], dummy[1024], *host, *user, *cp;