On Wed Feb 18, 2026 at 07:29:47AM +0100, Rafael Sadowski wrote:
> On Wed Feb 18, 2026 at 02:03:22AM +0100, Christian Schulte wrote:
> > Starting with revision 1.171 of parse.y [1], relayd config files may
> > contain cleartext passwords. Although the example relayd.conf file
> > is not group writeable or world read/writeable - preserved when copied
> > to /etc - the parser does not check file permissions.
> > 
> > $ ls -lah /etc/examples/relayd.conf
> > -rw-------  1 root  wheel   2.7K Feb 17 09:11 /etc/examples/relayd.conf
> > 
> > The parser should call check_file_secrecy to give users a chance to
> > notice they may be using insecure file permissions. The following diff
> > adds those checks.
> > 
> > [1] 
> > <https://github.com/openbsd/src/commit/cf39ad791b5ef405f8d49ae32cced6e5cf55b8e7>
> > 
> > 
> > Index: usr.sbin/relayd/parse.y
> > ===================================================================
> > RCS file: /cvs/src/usr.sbin/relayd/parse.y,v
> > diff -u -p -u -r1.258 parse.y
> > --- usr.sbin/relayd/parse.y 28 Oct 2024 19:56:18 -0000      1.258
> > +++ usr.sbin/relayd/parse.y 18 Feb 2026 00:54:51 -0000
> > @@ -215,7 +215,7 @@ grammar         : /* empty */
> >  include            : INCLUDE STRING                {
> >                     struct file     *nfile;
> >  
> > -                   if ((nfile = pushfile($2, 0)) == NULL) {
> > +                   if ((nfile = pushfile($2, 1)) == NULL) {
> >                             yyerror("failed to include file %s", $2);
> >                             free($2);
> >                             YYERROR;
> > @@ -2883,7 +2883,7 @@ parse_config(const char *filename, struc
> >  
> >     errors = 0;
> >  
> > -   if ((file = pushfile(filename, 0)) == NULL)
> > +   if ((file = pushfile(filename, 1)) == NULL)
> >             return (-1);
> >  
> >     topfile = file;
> > @@ -2932,7 +2932,7 @@ load_config(const char *filename, struct
> >     proto = NULL;
> >     router = NULL;
> >  
> > -   if ((file = pushfile(filename, 0)) == NULL)
> > +   if ((file = pushfile(filename, 1)) == NULL)
> >             return (-1);
> >  
> >     topfile = file;
> > 
> 
> I come to the same conclusion. However, I would remove the flag
> entirely, since every caller now passes 1. We should ALWAYS do check_file_secrecy.
> 

... and now with the proper diff:

diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y
index fcdfb8e92e3..62ba3522b6d 100644
--- a/usr.sbin/relayd/parse.y
+++ b/usr.sbin/relayd/parse.y
@@ -70,7 +70,7 @@ static struct file {
        int                      lineno;
        int                      errors;
 } *file, *topfile;
-struct file    *pushfile(const char *, int);
+struct file    *pushfile(const char *);
 int             popfile(void);
 int             check_file_secrecy(int, const char *);
 int             yyparse(void);
@@ -215,7 +215,7 @@ grammar             : /* empty */
 include                : INCLUDE STRING                {
                        struct file     *nfile;
 
-                       if ((nfile = pushfile($2, 0)) == NULL) {
+                       if ((nfile = pushfile($2)) == NULL) {
                                yyerror("failed to include file %s", $2);
                                free($2);
                                YYERROR;
@@ -2814,7 +2814,7 @@ check_file_secrecy(int fd, const char *fname)
 }
 
 struct file *
-pushfile(const char *name, int secret)
+pushfile(const char *name)
 {
        struct file     *nfile;
 
@@ -2832,8 +2832,8 @@ pushfile(const char *name, int secret)
                free(nfile->name);
                free(nfile);
                return (NULL);
-       } else if (secret &&
-           check_file_secrecy(fileno(nfile->stream), nfile->name)) {
+       }
+       if (check_file_secrecy(fileno(nfile->stream), nfile->name)) {
                fclose(nfile->stream);
                free(nfile->name);
                free(nfile);
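Review bot: The secrecy check now runs for every file pushfile opens, including files pulled in through the `include` rule, yet nothing in pushfile records why the check is unconditional, and the call sites only see a NULL return, which the `include` rule reports as `failed to include file`. A one-line comment above the new `if`, such as `/* config may carry cleartext credentials: refuse files readable or writable by others */`, would keep the intent from being "optimized" back into a flag later. Passing `fileno(nfile->stream)` rather than the path means the check is made on the descriptor already opened, so check and use refer to the same file, assuming check_file_secrecy fstat()s the descriptor it is handed (its body is outside this hunk). The fclose/free/free/return sequence below duplicates the open-failure path a few lines above; a shared cleanup label would avoid the repetition, though that is a style point only. pushfile's body continues outside the hunk.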
@@ -2883,7 +2883,7 @@ parse_config(const char *filename, struct relayd *x_conf)
 
        errors = 0;
 
-       if ((file = pushfile(filename, 0)) == NULL)
+       if ((file = pushfile(filename)) == NULL)
                return (-1);
 
        topfile = file;
@@ -2932,7 +2932,7 @@ load_config(const char *filename, struct relayd *x_conf)
        proto = NULL;
        router = NULL;
 
-       if ((file = pushfile(filename, 0)) == NULL)
+       if ((file = pushfile(filename)) == NULL)
                return (-1);
 
        topfile = file;
