authormarkus <markus@openbsd.org>2017-05-30 08:49:32 +0000
committermarkus <markus@openbsd.org>2017-05-30 08:49:32 +0000
commitc9c098b245d98e3d4d9fd82b93452dcc0d9491b0 (patch)
treecc8149a1103cfd01ac1a8ceaea6d7e555cad5f7e
parentfileops test: Also run on ext2fs (diff)
revise sshkey_load_public(): remove ssh1 related comments, remove extra
open()/close() on keyfile, prevent leak of 'pub' if 'keyp' is NULL, replace strlcpy+cat with asprintf; ok djm@
-rw-r--r--usr.bin/ssh/authfile.c44
1 files changed, 21 insertions, 23 deletions
diff --git a/usr.bin/ssh/authfile.c b/usr.bin/ssh/authfile.c
index dd3500ba485..080eb801392 100644
--- a/usr.bin/ssh/authfile.c
+++ b/usr.bin/ssh/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.124 2017/04/30 23:10:43 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.125 2017/05/30 08:49:32 markus Exp $ */
/*
* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
*
@@ -311,50 +311,48 @@ sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp)
return SSH_ERR_INVALID_FORMAT;
}
-/* load public key from ssh v1 private or any pubkey file */
+/* load public key from any pubkey file */
int
sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp)
{
struct sshkey *pub = NULL;
- char file[PATH_MAX];
- int r, fd;
+ char *file = NULL;
+ int r;
if (keyp != NULL)
*keyp = NULL;
if (commentp != NULL)
*commentp = NULL;
- /* XXX should load file once and attempt to parse each format */
-
- if ((fd = open(filename, O_RDONLY)) < 0)
- goto skip;
- close(fd);
-
- /* try ssh2 public key */
if ((pub = sshkey_new(KEY_UNSPEC)) == NULL)
return SSH_ERR_ALLOC_FAIL;
if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) {
- if (keyp != NULL)
+ if (keyp != NULL) {
*keyp = pub;
- return 0;
+ pub = NULL;
+ }
+ r = 0;
+ goto out;
}
sshkey_free(pub);
-
- skip:
/* try .pub suffix */
- if ((pub = sshkey_new(KEY_UNSPEC)) == NULL)
+ if (asprintf(&file, "%s.pub", filename) == -1)
return SSH_ERR_ALLOC_FAIL;
- r = SSH_ERR_ALLOC_FAIL; /* in case strlcpy or strlcat fail */
- if ((strlcpy(file, filename, sizeof file) < sizeof(file)) &&
- (strlcat(file, ".pub", sizeof file) < sizeof(file)) &&
- (r = sshkey_try_load_public(pub, file, commentp)) == 0) {
- if (keyp != NULL)
+ if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
+ r = SSH_ERR_ALLOC_FAIL;
+ goto out;
+ }
+ if ((r = sshkey_try_load_public(pub, file, commentp)) == 0) {
+ if (keyp != NULL) {
*keyp = pub;
- return 0;
+ pub = NULL;
+ }
+ r = 0;
}
+ out:
+ free(file);
sshkey_free(pub);
-
return r;
}
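Review bot: After the first load attempt fails, the mid-function `sshkey_free(pub);` leaves `pub` pointing at freed memory until the second `sshkey_new()` reassigns it, and the `asprintf` failure in between leaves through a bare `return` instead of `out:`. Nothing on the visible paths frees the key twice, but the function now mixes direct returns with a shared cleanup label, so a later edit that routes the `asprintf` failure to `out:` would call `sshkey_free()` on the stale pointer. Adding `pub = NULL;` directly after that first `sshkey_free(pub);` keeps the cleanup label safe from every path. Separately, the `r = 0;` in both success branches is redundant, because each branch is entered only when `r` is already 0.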