- dtucker@cvs.openbsd.org 2008/06/13 01:38:23
[misc.c]
upcast uid to long with matching %ld, prevents warnings in portable
+ - djm@cvs.openbsd.org 2008/06/13 04:40:22
+ [auth2-pubkey.c auth-rhosts.c]
+ refuse to read ~/.shosts or ~/.ssh/authorized_keys that are not
+ regular files; report from Solar Designer via Colin Watson in bz#1471
+ ok dtucker@ deraadt
- (dtucker) [clientloop.c serverloop.c] channel_register_filter now
takes 2 more args. with djm@
- (dtucker) [defines.h] Bug #1112: __dead is, well dead. Based on a patch
-/* $OpenBSD: auth-rhosts.c,v 1.41 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth-rhosts.c,v 1.42 2008/06/13 04:40:22 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
#include <stdio.h>
#include <string.h>
#include <stdarg.h>
+#include <fcntl.h>
#include "packet.h"
#include "buffer.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
+#include "misc.h"
/* import */
extern ServerOptions options;
{
FILE *f;
char buf[1024]; /* Must not be larger than host, user, dummy below. */
+ int fd;
+ struct stat st;
/* Open the .rhosts file, deny if unreadable */
- f = fopen(filename, "r");
- if (!f)
+ if ((fd = open(filename, O_RDONLY|O_NONBLOCK)) == -1)
return 0;
-
+ if (fstat(fd, &st) == -1) {
+ close(fd);
+ return 0;
+ }
+ if (!S_ISREG(st.st_mode)) {
+ logit("User %s hosts file %s is not a regular file",
+ server_user, filename);
+ close(fd);
+ return 0;
+ }
+ unset_nonblock(fd);
+ if ((f = fdopen(fd, "r")) == NULL) {
+ close(fd);
+ return 0;
+ }
while (fgets(buf, sizeof(buf), f)) {
/* All three must be at least as big as buf to avoid overflows. */
char hostbuf[1024], userbuf[1024], dummy[1024], *host, *user, *cp;
-/* $OpenBSD: auth2-pubkey.c,v 1.15 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.16 2008/06/13 04:40:22 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
#include <sys/types.h>
#include <sys/stat.h>
+#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <stdarg.h>
user_key_allowed2(struct passwd *pw, Key *key, char *file)
{
char line[SSH_MAX_PUBKEY_BYTES];
- int found_key = 0;
+ int found_key = 0, fd;
FILE *f;
u_long linenum = 0;
struct stat st;
debug("trying public key file %s", file);
- /* Fail quietly if file does not exist */
- if (stat(file, &st) < 0) {
- /* Restore the privileged uid. */
+ /*
+ * Open the file containing the authorized keys
+ * Fail quietly if file does not exist
+ */
+ if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) {
restore_uid();
return 0;
}
- /* Open the file containing the authorized keys. */
- f = fopen(file, "r");
- if (!f) {
- /* Restore the privileged uid. */
+ if (fstat(fd, &st) < 0) {
+ close(fd);
+ restore_uid();
+ return 0;
+ }
+ if (!S_ISREG(st.st_mode)) {
+ logit("User %s authorized keys %s is not a regular file",
+ pw->pw_name, file);
+ close(fd);
+ restore_uid();
+ return 0;
+ }
+ unset_nonblock(fd);
+ if ((f = fdopen(fd, "r")) == NULL) {
+ close(fd);
restore_uid();
return 0;
}
andersk / openssh.git / commitdiff
