| blob | 6c18fe807b910d371e1657cd786aef36c761e411 |
1 diff -aur old/authfile.c new/authfile.c
2 --- old/authfile.c 2011-06-12 02:21:52.262338254 +0200
3 +++ new/authfile.c 2011-06-12 02:13:43.051467269 +0200
4 @@ -1,4 +1,4 @@
5 -/* $OpenBSD: authfile.c,v 1.87 2010/11/29 18:57:04 markus Exp $ */
6 +/* $OpenBSD: authfile.c,v 1.95 2011/05/29 11:42:08 djm Exp $ */
7 /*
8 * Author: Tatu Ylonen <ylo@cs.hut.fi>
9 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
10 @@ -69,6 +69,8 @@
11 #include "misc.h"
12 #include "atomicio.h"
14 +#define MAX_KEY_FILE_SIZE (1024 * 1024)
15 +
16 /* Version identification string for SSH v1 identity files. */
17 static const char authfile_id_string[] =
18 "SSH PRIVATE KEY FILE FORMAT 1.1\n";
19 @@ -312,12 +314,12 @@
20 return pub;
21 }
23 -/* Load the contents of a key file into a buffer */
24 -static int
25 +/* Load a key from a fd into a buffer */
26 +int
27 key_load_file(int fd, const char *filename, Buffer *blob)
28 {
29 + u_char buf[1024];
30 size_t len;
31 - u_char *cp;
32 struct stat st;
34 if (fstat(fd, &st) < 0) {
35 @@ -325,30 +327,45 @@
36 filename == NULL ? "" : filename,
37 filename == NULL ? "" : " ",
38 strerror(errno));
39 - close(fd);
40 return 0;
41 }
42 - if (st.st_size > 1*1024*1024) {
43 + if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
44 + st.st_size > MAX_KEY_FILE_SIZE) {
45 + toobig:
46 error("%s: key file %.200s%stoo large", __func__,
47 filename == NULL ? "" : filename,
48 filename == NULL ? "" : " ");
49 - close(fd);
50 return 0;
51 }
52 - len = (size_t)st.st_size; /* truncated */
53 -
54 buffer_init(blob);
55 - cp = buffer_append_space(blob, len);
56 -
57 - if (atomicio(read, fd, cp, len) != len) {
58 - debug("%s: read from key file %.200s%sfailed: %.100s", __func__,
59 - filename == NULL ? "" : filename,
60 - filename == NULL ? "" : " ",
61 - strerror(errno));
62 + for (;;) {
63 + if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
64 + if (errno == EPIPE)
65 + break;
66 + debug("%s: read from key file %.200s%sfailed: %.100s",
67 + __func__, filename == NULL ? "" : filename,
68 + filename == NULL ? "" : " ", strerror(errno));
69 + buffer_clear(blob);
70 + bzero(buf, sizeof(buf));
71 + return 0;
72 + }
73 + buffer_append(blob, buf, len);
74 + if (buffer_len(blob) > MAX_KEY_FILE_SIZE) {
75 + buffer_clear(blob);
76 + bzero(buf, sizeof(buf));
77 + goto toobig;
78 + }
79 + }
80 + bzero(buf, sizeof(buf));
81 + if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
82 + st.st_size != buffer_len(blob)) {
83 + debug("%s: key file %.200s%schanged size while reading",
84 + __func__, filename == NULL ? "" : filename,
85 + filename == NULL ? "" : " ");
86 buffer_clear(blob);
87 - close(fd);
88 return 0;
89 }
90 +
91 return 1;
92 }
94 @@ -606,7 +623,7 @@
95 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
96 error("Permissions 0%3.3o for '%s' are too open.",
97 (u_int)st.st_mode & 0777, filename);
98 - error("It is recommended that your private key files are NOT accessible by others.");
99 + error("It is required that your private key files are NOT accessible by others.");
100 error("This private key will be ignored.");
101 return 0;
102 }
103 @@ -626,6 +643,7 @@
104 case KEY_UNSPEC:
105 return key_parse_private_pem(blob, type, passphrase, commentp);
106 default:
107 + error("%s: cannot parse key type %d", __func__, type);
108 break;
109 }
110 return NULL;
111 @@ -670,11 +688,38 @@
112 }
114 Key *
115 +key_parse_private(Buffer *buffer, const char *filename,
116 + const char *passphrase, char **commentp)
117 +{
118 + Key *pub, *prv;
119 + Buffer pubcopy;
120 +
121 + buffer_init(&pubcopy);
122 + buffer_append(&pubcopy, buffer_ptr(buffer), buffer_len(buffer));
123 + /* it's a SSH v1 key if the public key part is readable */
124 + pub = key_parse_public_rsa1(&pubcopy, commentp);
125 + buffer_free(&pubcopy);
126 + if (pub == NULL) {
127 + prv = key_parse_private_type(buffer, KEY_UNSPEC,
128 + passphrase, NULL);
129 + /* use the filename as a comment for PEM */
130 + if (commentp && prv)
131 + *commentp = xstrdup(filename);
132 + } else {
133 + key_free(pub);
134 + /* key_parse_public_rsa1() has already loaded the comment */
135 + prv = key_parse_private_type(buffer, KEY_RSA1, passphrase,
136 + NULL);
137 + }
138 + return prv;
139 +}
140 +
141 +Key *
142 key_load_private(const char *filename, const char *passphrase,
143 char **commentp)
144 {
145 - Key *pub, *prv;
146 - Buffer buffer, pubcopy;
147 + Key *prv;
148 + Buffer buffer;
149 int fd;
151 fd = open(filename, O_RDONLY);
152 @@ -697,23 +742,7 @@
153 }
154 close(fd);
156 - buffer_init(&pubcopy);
157 - buffer_append(&pubcopy, buffer_ptr(&buffer), buffer_len(&buffer));
158 - /* it's a SSH v1 key if the public key part is readable */
159 - pub = key_parse_public_rsa1(&pubcopy, commentp);
160 - buffer_free(&pubcopy);
161 - if (pub == NULL) {
162 - prv = key_parse_private_type(&buffer, KEY_UNSPEC,
163 - passphrase, NULL);
164 - /* use the filename as a comment for PEM */
165 - if (commentp && prv)
166 - *commentp = xstrdup(filename);
167 - } else {
168 - key_free(pub);
169 - /* key_parse_public_rsa1() has already loaded the comment */
170 - prv = key_parse_private_type(&buffer, KEY_RSA1, passphrase,
171 - NULL);
172 - }
173 + prv = key_parse_private(&buffer, filename, passphrase, commentp);
174 buffer_free(&buffer);
175 return prv;
176 }
177 @@ -737,13 +766,19 @@
178 case '\0':
179 continue;
180 }
181 + /* Abort loading if this looks like a private key */
182 + if (strncmp(cp, "-----BEGIN", 10) == 0)
183 + break;
184 /* Skip leading whitespace. */
185 for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
186 ;
187 if (*cp) {
188 if (key_read(k, &cp) == 1) {
189 - if (commentp)
190 - *commentp=xstrdup(filename);
191 + cp[strcspn(cp, "\r\n")] = '\0';
192 + if (commentp) {
193 + *commentp = xstrdup(*cp ?
194 + cp : filename);
195 + }
196 fclose(f);
197 return 1;
198 }