Author: des
Date: Thu Aug 11 08:29:15 2016
New Revision: 303952
URL: https://svnweb.freebsd.org/changeset/base/303952

Log:
  MFH (r303832): check whether each key file exists before adding it
  
  PR:           208254
  Approved by:  re (kib)

Modified:
  stable/11/crypto/openssh/servconf.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/crypto/openssh/servconf.c
==============================================================================
--- stable/11/crypto/openssh/servconf.c Thu Aug 11 07:58:23 2016        
(r303951)
+++ stable/11/crypto/openssh/servconf.c Thu Aug 11 08:29:15 2016        
(r303952)
@@ -22,6 +22,7 @@ __RCSID("$FreeBSD$");
 #include <netinet/ip.h>
 
 #include <ctype.h>
+#include <fcntl.h>
 #include <netdb.h>
 #include <pwd.h>
 #include <stdio.h>
@@ -206,24 +207,28 @@ fill_default_server_options(ServerOption
        /* Standard Options */
        if (options->protocol == SSH_PROTO_UNKNOWN)
                options->protocol = SSH_PROTO_2;
+#define add_host_key_file(path)                                                
\
+       do {                                                            \
+               if (access((path), O_RDONLY) == 0)                      \
+                       options->host_key_files                         \
+                           [options->num_host_key_files++] = (path);   \
+       } while (0)
        if (options->num_host_key_files == 0) {
                /* fill default hostkeys for protocols */
                if (options->protocol & SSH_PROTO_1)
-                       options->host_key_files[options->num_host_key_files++] =
-                           _PATH_HOST_KEY_FILE;
+                       add_host_key_file(_PATH_HOST_KEY_FILE);
                if (options->protocol & SSH_PROTO_2) {
-                       options->host_key_files[options->num_host_key_files++] =
-                           _PATH_HOST_RSA_KEY_FILE;
-                       options->host_key_files[options->num_host_key_files++] =
-                           _PATH_HOST_DSA_KEY_FILE;
+                       add_host_key_file(_PATH_HOST_RSA_KEY_FILE);
+                       add_host_key_file(_PATH_HOST_DSA_KEY_FILE);
 #ifdef OPENSSL_HAS_ECC
-                       options->host_key_files[options->num_host_key_files++] =
-                           _PATH_HOST_ECDSA_KEY_FILE;
+                       add_host_key_file(_PATH_HOST_ECDSA_KEY_FILE);
 #endif
-                       options->host_key_files[options->num_host_key_files++] =
-                           _PATH_HOST_ED25519_KEY_FILE;
+                       add_host_key_file(_PATH_HOST_ED25519_KEY_FILE);
                }
        }
+#undef add_host_key_file
+       if (options->num_host_key_files == 0)
+               fatal("No host key files found");
        /* No certificates by default */
        if (options->num_ports == 0)
                options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
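Review bot: In the `add_host_key_file` macro, `access((path), O_RDONLY)` passes an open(2) flag where access(2) expects a mode built from `F_OK`/`R_OK`/`W_OK`/`X_OK`. It works only because `O_RDONLY` and `F_OK` are both 0 on this platform, so the call is an existence test, not a readability test. Writing `if (access((path), F_OK) == 0)` states the intent from the commit log directly, and `F_OK` comes from `<unistd.h>`, so the `<fcntl.h>` include added in the first hunk should no longer be needed. Default key files that are absent are now skipped silently, so a host key type can disappear from what the server offers with no trace; a debug-level log line in the skip path would let an operator notice. The body of fill_default_server_options starts and continues outside this hunk, so any later handling of these paths is not visible here.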