diff options
Diffstat (limited to 'staging/openssh/authfile.c.patch')
| -rw-r--r-- | staging/openssh/authfile.c.patch | 198 |
1 files changed, 0 insertions, 198 deletions
diff --git a/staging/openssh/authfile.c.patch b/staging/openssh/authfile.c.patch deleted file mode 100644 index 6c18fe807..000000000 --- a/staging/openssh/authfile.c.patch +++ /dev/null @@ -1,198 +0,0 @@ -diff -aur old/authfile.c new/authfile.c ---- old/authfile.c 2011-06-12 02:21:52.262338254 +0200 -+++ new/authfile.c 2011-06-12 02:13:43.051467269 +0200 -@@ -1,4 +1,4 @@ --/* $OpenBSD: authfile.c,v 1.87 2010/11/29 18:57:04 markus Exp $ */ -+/* $OpenBSD: authfile.c,v 1.95 2011/05/29 11:42:08 djm Exp $ */ - /* - * Author: Tatu Ylonen <ylo@cs.hut.fi> - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland -@@ -69,6 +69,8 @@ - #include "misc.h" - #include "atomicio.h" - -+#define MAX_KEY_FILE_SIZE (1024 * 1024) -+ - /* Version identification string for SSH v1 identity files. */ - static const char authfile_id_string[] = - "SSH PRIVATE KEY FILE FORMAT 1.1\n"; -@@ -312,12 +314,12 @@ - return pub; - } - --/* Load the contents of a key file into a buffer */ --static int -+/* Load a key from a fd into a buffer */ -+int - key_load_file(int fd, const char *filename, Buffer *blob) - { -+ u_char buf[1024]; - size_t len; -- u_char *cp; - struct stat st; - - if (fstat(fd, &st) < 0) { -@@ -325,30 +327,45 @@ - filename == NULL ? "" : filename, - filename == NULL ? "" : " ", - strerror(errno)); -- close(fd); - return 0; - } -- if (st.st_size > 1*1024*1024) { -+ if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && -+ st.st_size > MAX_KEY_FILE_SIZE) { -+ toobig: - error("%s: key file %.200s%stoo large", __func__, - filename == NULL ? "" : filename, - filename == NULL ? "" : " "); -- close(fd); - return 0; - } -- len = (size_t)st.st_size; /* truncated */ -- - buffer_init(blob); -- cp = buffer_append_space(blob, len); -- -- if (atomicio(read, fd, cp, len) != len) { -- debug("%s: read from key file %.200s%sfailed: %.100s", __func__, -- filename == NULL ? "" : filename, -- filename == NULL ? "" : " ", -- strerror(errno)); -+ for (;;) { -+ if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) { -+ if (errno == EPIPE) -+ break; -+ debug("%s: read from key file %.200s%sfailed: %.100s", -+ __func__, filename == NULL ? "" : filename, -+ filename == NULL ? "" : " ", strerror(errno)); -+ buffer_clear(blob); -+ bzero(buf, sizeof(buf)); -+ return 0; -+ } -+ buffer_append(blob, buf, len); -+ if (buffer_len(blob) > MAX_KEY_FILE_SIZE) { -+ buffer_clear(blob); -+ bzero(buf, sizeof(buf)); -+ goto toobig; -+ } -+ } -+ bzero(buf, sizeof(buf)); -+ if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && -+ st.st_size != buffer_len(blob)) { -+ debug("%s: key file %.200s%schanged size while reading", -+ __func__, filename == NULL ? "" : filename, -+ filename == NULL ? "" : " "); - buffer_clear(blob); -- close(fd); - return 0; - } -+ - return 1; - } - -@@ -606,7 +623,7 @@ - error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); - error("Permissions 0%3.3o for '%s' are too open.", - (u_int)st.st_mode & 0777, filename); -- error("It is recommended that your private key files are NOT accessible by others."); -+ error("It is required that your private key files are NOT accessible by others."); - error("This private key will be ignored."); - return 0; - } -@@ -626,6 +643,7 @@ - case KEY_UNSPEC: - return key_parse_private_pem(blob, type, passphrase, commentp); - default: -+ error("%s: cannot parse key type %d", __func__, type); - break; - } - return NULL; -@@ -670,11 +688,38 @@ - } - - Key * -+key_parse_private(Buffer *buffer, const char *filename, -+ const char *passphrase, char **commentp) -+{ -+ Key *pub, *prv; -+ Buffer pubcopy; -+ -+ buffer_init(&pubcopy); -+ buffer_append(&pubcopy, buffer_ptr(buffer), buffer_len(buffer)); -+ /* it's a SSH v1 key if the public key part is readable */ -+ pub = key_parse_public_rsa1(&pubcopy, commentp); -+ buffer_free(&pubcopy); -+ if (pub == NULL) { -+ prv = key_parse_private_type(buffer, KEY_UNSPEC, -+ passphrase, NULL); -+ /* use the filename as a comment for PEM */ -+ if (commentp && prv) -+ *commentp = xstrdup(filename); -+ } else { -+ key_free(pub); -+ /* key_parse_public_rsa1() has already loaded the comment */ -+ prv = key_parse_private_type(buffer, KEY_RSA1, passphrase, -+ NULL); -+ } -+ return prv; -+} -+ -+Key * - key_load_private(const char *filename, const char *passphrase, - char **commentp) - { -- Key *pub, *prv; -- Buffer buffer, pubcopy; -+ Key *prv; -+ Buffer buffer; - int fd; - - fd = open(filename, O_RDONLY); -@@ -697,23 +742,7 @@ - } - close(fd); - -- buffer_init(&pubcopy); -- buffer_append(&pubcopy, buffer_ptr(&buffer), buffer_len(&buffer)); -- /* it's a SSH v1 key if the public key part is readable */ -- pub = key_parse_public_rsa1(&pubcopy, commentp); -- buffer_free(&pubcopy); -- if (pub == NULL) { -- prv = key_parse_private_type(&buffer, KEY_UNSPEC, -- passphrase, NULL); -- /* use the filename as a comment for PEM */ -- if (commentp && prv) -- *commentp = xstrdup(filename); -- } else { -- key_free(pub); -- /* key_parse_public_rsa1() has already loaded the comment */ -- prv = key_parse_private_type(&buffer, KEY_RSA1, passphrase, -- NULL); -- } -+ prv = key_parse_private(&buffer, filename, passphrase, commentp); - buffer_free(&buffer); - return prv; - } -@@ -737,13 +766,19 @@ - case '\0': - continue; - } -+ /* Abort loading if this looks like a private key */ -+ if (strncmp(cp, "-----BEGIN", 10) == 0) -+ break; - /* Skip leading whitespace. */ - for (; *cp && (*cp == ' ' || *cp == '\t'); cp++) - ; - if (*cp) { - if (key_read(k, &cp) == 1) { -- if (commentp) -- *commentp=xstrdup(filename); -+ cp[strcspn(cp, "\r\n")] = '\0'; -+ if (commentp) { -+ *commentp = xstrdup(*cp ? -+ cp : filename); -+ } - fclose(f); - return 1; - } |