On Thu, Nov 07, 2019 at 03:56:12PM +0100, Alexander Bluhm wrote:
> On Thu, Nov 07, 2019 at 11:08:38AM +0100, igor kos wrote:
> > If I started isakmpd on OBSD 6.6:
> >
> > test66/etc/isakmpd>isakmpd -4 -K -T -d
> > 154833.658332 Default isakmpd: starting [priv]
> > 154833.660031 Default conf_reinit: open("/etc/isakmpd/isakmpd.conf",
> > O_RDONLY, 0) failed: Permission denied
> >
> > But, older version OBSD didn't ask for isakmpd.conf, if I use -K switch:
>
> This is a result of the changed realpath(3) behavior. isakmpd(8)
> should be less clever and just use the errno from the system.
>
> Could you test this diff?
Any test or ok for this?
bluhm
> Index: sbin/isakmpd/monitor.c
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/sbin/isakmpd/monitor.c,v
> retrieving revision 1.77
> diff -u -p -r1.77 monitor.c
> --- sbin/isakmpd/monitor.c 28 Jun 2019 13:32:44 -0000 1.77
> +++ sbin/isakmpd/monitor.c 7 Nov 2019 14:48:18 -0000
> @@ -518,9 +518,9 @@ m_priv_getfd(void)
>
> if ((ret = m_priv_local_sanitize_path(path, sizeof path, flags))
> != 0) {
> - if (ret == 1)
> + if (errno != ENOENT)
> log_print("m_priv_getfd: illegal path \"%s\"", path);
> - err = EACCES;
> + err = errno;
> v = -1;
> } else {
> if ((v = open(path, flags, mode)) == -1)
> @@ -695,15 +695,8 @@ m_priv_local_sanitize_path(char *path, s
> */
>
> if (realpath(path, new_path) == NULL ||
> - realpath("/var/run", var_run) == NULL) {
> - /*
> - * We could not decide whether the path is ok or not.
> - * Indicate this be returning 2.
> - */
> - if (errno == ENOENT)
> - return 2;
> - goto bad_path;
> - }
> + realpath("/var/run", var_run) == NULL)
> + return 1;
> strlcat(var_run, "/", sizeof(var_run));
>
> if (strncmp(var_run, new_path, strlen(var_run)) == 0)
> @@ -713,7 +706,7 @@ m_priv_local_sanitize_path(char *path, s
> (flags & O_ACCMODE) == O_RDONLY)
> return 0;
>
> -bad_path:
> + errno = EACCES;
> return 1;
> }
>
