diff options
| author |   djm <djm@openbsd.org> | 2015-11-29 22:18:37 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2015-11-29 22:18:37 +0000 |
| commit | a583677ad6afc14dc893f2921804f482284eae14 (patch) | |
| tree | a8ca8117bea247e7150aa0b3d60557dc76038ad3 /usr.bin/ssh/ssh-keysign.c | |
| parent | Make it possible to detach bge(4). (diff) | |
| download | wireguard-openbsd-a583677ad6afc14dc893f2921804f482284eae14.tar.xz wireguard-openbsd-a583677ad6afc14dc893f2921804f482284eae14.zip | |
pledge, better fatal() messages; feedback deraadt@
Diffstat (limited to 'usr.bin/ssh/ssh-keysign.c')
| -rw-r--r-- | usr.bin/ssh/ssh-keysign.c | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/usr.bin/ssh/ssh-keysign.c b/usr.bin/ssh/ssh-keysign.c index 8c11739284c..227de048920 100644 --- a/usr.bin/ssh/ssh-keysign.c +++ b/usr.bin/ssh/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.49 2015/07/03 03:56:25 djm Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.50 2015/11/29 22:18:37 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -34,6 +34,7 @@ #include <stdlib.h> #include <string.h> #include <unistd.h> +#include <errno.h> #include "xmalloc.h" #include "log.h" @@ -51,6 +52,8 @@ #include "sshkey.h" #include "ssherr.h" +extern char *__progname; + /* XXX readconf.c needs these */ uid_t original_real_uid; @@ -166,6 +169,9 @@ main(int argc, char **argv) char *host, *fp; size_t slen, dlen; + if (pledge("stdio rpath getpw dns id", NULL) != 0) + fatal("%s: pledge: %s", __progname, strerror(errno)); + /* Ensure that stdin and stdout are connected */ if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2) exit(1); @@ -226,23 +232,26 @@ main(int argc, char **argv) if (!found) fatal("no hostkey found"); + if (pledge("stdio dns", NULL) != 0) + fatal("%s: pledge: %s", __progname, strerror(errno)); + if ((b = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal("%s: sshbuf_new failed", __progname); if (ssh_msg_recv(STDIN_FILENO, b) < 0) fatal("ssh_msg_recv failed"); if ((r = sshbuf_get_u8(b, &rver)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal("%s: buffer error: %s", __progname, ssh_err(r)); if (rver != version) fatal("bad version: received %d, expected %d", rver, version); if ((r = sshbuf_get_u32(b, (u_int *)&fd)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal("%s: buffer error: %s", __progname, ssh_err(r)); if (fd < 0 || fd == STDIN_FILENO || fd == STDOUT_FILENO) fatal("bad fd"); if ((host = get_local_name(fd)) == NULL) fatal("cannot get local name for fd"); if ((r = sshbuf_get_string(b, &data, &dlen)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal("%s: buffer error: %s", __progname, ssh_err(r)); if (valid_request(pw, host, &key, data, dlen) < 0) fatal("not a valid request"); free(host); @@ -258,7 +267,7 @@ main(int argc, char **argv) if (!found) { if ((fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) - fatal("%s: sshkey_fingerprint failed", __func__); + fatal("%s: sshkey_fingerprint failed", __progname); fatal("no matching hostkey found for key %s %s", sshkey_type(key), fp ? fp : ""); } @@ -270,7 +279,7 @@ main(int argc, char **argv) /* send reply */ sshbuf_reset(b); if ((r = sshbuf_put_string(b, signature, slen)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal("%s: buffer error: %s", __progname, ssh_err(r)); if (ssh_msg_send(STDOUT_FILENO, version, b) == -1) fatal("ssh_msg_send failed"); |