diff options
| author | Renato Botelho <renato@netgate.com> | 2016-03-14 07:56:21 -0300 |
|---|---|---|
| committer | Renato Botelho <renato@netgate.com> | 2016-03-14 07:56:21 -0300 |
| commit | a26e4b3de35515ec3eaf2eb76b001a6a502bf56c (patch) | |
| tree | 66dd86f3e16db9b45f07c989e95501b6456cf6a5 /crypto/openssh/ssh-keysign.c | |
| parent | 7d66bf7f17e48798ec04b7a6d99daff1820e28f8 (diff) | |
| parent | a64e8d254dc9ecd38594b71dcd7d53c6084c5abc (diff) | |
| download | FreeBSD-src-a26e4b3de35515ec3eaf2eb76b001a6a502bf56c.zip FreeBSD-src-a26e4b3de35515ec3eaf2eb76b001a6a502bf56c.tar.gz | |
Merge remote-tracking branch 'origin/stable/10' into devel
Diffstat (limited to 'crypto/openssh/ssh-keysign.c')
| -rw-r--r-- | crypto/openssh/ssh-keysign.c | 27 |
1 files changed, 19 insertions, 8 deletions
diff --git a/crypto/openssh/ssh-keysign.c b/crypto/openssh/ssh-keysign.c index 1dca3e2..ac5034d 100644 --- a/crypto/openssh/ssh-keysign.c +++ b/crypto/openssh/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.49 2015/07/03 03:56:25 djm Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.52 2016/02/15 09:47:49 dtucker Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -34,6 +34,7 @@ #include <stdlib.h> #include <string.h> #include <unistd.h> +#include <errno.h> #ifdef WITH_OPENSSL #include <openssl/evp.h> @@ -59,6 +60,8 @@ struct ssh *active_state = NULL; /* XXX needed for linking */ +extern char *__progname; + /* XXX readconf.c needs these */ uid_t original_real_uid; @@ -179,6 +182,10 @@ main(int argc, char **argv) u_int32_t rnd[256]; #endif + ssh_malloc_init(); /* must be called before any mallocs */ + if (pledge("stdio rpath getpw dns id", NULL) != 0) + fatal("%s: pledge: %s", __progname, strerror(errno)); + /* Ensure that stdin and stdout are connected */ if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2) exit(1); @@ -245,23 +252,26 @@ main(int argc, char **argv) if (!found) fatal("no hostkey found"); + if (pledge("stdio dns", NULL) != 0) + fatal("%s: pledge: %s", __progname, strerror(errno)); + if ((b = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal("%s: sshbuf_new failed", __progname); if (ssh_msg_recv(STDIN_FILENO, b) < 0) fatal("ssh_msg_recv failed"); if ((r = sshbuf_get_u8(b, &rver)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal("%s: buffer error: %s", __progname, ssh_err(r)); if (rver != version) fatal("bad version: received %d, expected %d", rver, version); if ((r = sshbuf_get_u32(b, (u_int *)&fd)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal("%s: buffer error: %s", __progname, ssh_err(r)); if (fd < 0 || fd == STDIN_FILENO || fd == STDOUT_FILENO) fatal("bad fd"); if ((host = get_local_name(fd)) == NULL) fatal("cannot get local name for fd"); if ((r = sshbuf_get_string(b, &data, &dlen)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal("%s: buffer error: %s", __progname, ssh_err(r)); if (valid_request(pw, host, &key, data, dlen) < 0) fatal("not a valid request"); free(host); @@ -277,19 +287,20 @@ main(int argc, char **argv) if (!found) { if ((fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) - fatal("%s: sshkey_fingerprint failed", __func__); + fatal("%s: sshkey_fingerprint failed", __progname); fatal("no matching hostkey found for key %s %s", sshkey_type(key), fp ? fp : ""); } - if ((r = sshkey_sign(keys[i], &signature, &slen, data, dlen, 0)) != 0) + if ((r = sshkey_sign(keys[i], &signature, &slen, data, dlen, NULL, 0)) + != 0) fatal("sshkey_sign failed: %s", ssh_err(r)); free(data); /* send reply */ sshbuf_reset(b); if ((r = sshbuf_put_string(b, signature, slen)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal("%s: buffer error: %s", __progname, ssh_err(r)); if (ssh_msg_send(STDOUT_FILENO, version, b) == -1) fatal("ssh_msg_send failed"); |
