diff options
| author |   djm <djm@openbsd.org> | 2017-03-15 02:25:09 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2017-03-15 02:25:09 +0000 |
| commit | f1d5c0e14aaadaee7587e6655cfed5e636eb4434 (patch) | |
| tree | f2c3fee7ec432a0a654c76aad7e3f183e7853b86 /usr.bin/ssh/ssh-agent.c | |
| parent | Fix segfault when sshd attempts to load RSA1 keys (can only happen (diff) | |
| download | wireguard-openbsd-f1d5c0e14aaadaee7587e6655cfed5e636eb4434.tar.xz wireguard-openbsd-f1d5c0e14aaadaee7587e6655cfed5e636eb4434.zip | |
fix regression in 7.4: deletion of PKCS#11-hosted keys would fail
unless they were specified by full physical pathname.
Report and fix from Jakub Jelen via bz#2682; ok dtucker@
Diffstat (limited to 'usr.bin/ssh/ssh-agent.c')
| -rw-r--r-- | usr.bin/ssh/ssh-agent.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c index f90bd9d9d22..404dd4edcc8 100644 --- a/usr.bin/ssh/ssh-agent.c +++ b/usr.bin/ssh/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.216 2017/01/04 02:21:43 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.217 2017/03/15 02:25:09 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -808,7 +808,7 @@ send: static void process_remove_smartcard_key(SocketEntry *e) { - char *provider = NULL, *pin = NULL; + char *provider = NULL, *pin = NULL, canonical_provider[PATH_MAX]; int r, version, success = 0; Identity *id, *nxt; Idtab *tab; @@ -818,6 +818,13 @@ process_remove_smartcard_key(SocketEntry *e) fatal("%s: buffer error: %s", __func__, ssh_err(r)); free(pin); + if (realpath(provider, canonical_provider) == NULL) { + verbose("failed PKCS#11 add of \"%.100s\": realpath: %s", + provider, strerror(errno)); + goto send; + } + + debug("%s: remove %.100s", __func__, canonical_provider); for (version = 1; version < 3; version++) { tab = idtab_lookup(version); for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) { @@ -825,14 +832,14 @@ process_remove_smartcard_key(SocketEntry *e) /* Skip file--based keys */ if (id->provider == NULL) continue; - if (!strcmp(provider, id->provider)) { + if (!strcmp(canonical_provider, id->provider)) { TAILQ_REMOVE(&tab->idlist, id, next); free_identity(id); tab->nentries--; } } } - if (pkcs11_del_provider(provider) == 0) + if (pkcs11_del_provider(canonical_provider) == 0) success = 1; else error("process_remove_smartcard_key:" |