summaryrefslogtreecommitdiffstats
path: root/crypto/openssh/ssh-keysign.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssh/ssh-keysign.c')
-rw-r--r--crypto/openssh/ssh-keysign.c27
1 files changed, 19 insertions, 8 deletions
diff --git a/crypto/openssh/ssh-keysign.c b/crypto/openssh/ssh-keysign.c
index 1dca3e2..ac5034d 100644
--- a/crypto/openssh/ssh-keysign.c
+++ b/crypto/openssh/ssh-keysign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.49 2015/07/03 03:56:25 djm Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.52 2016/02/15 09:47:49 dtucker Exp $ */
/*
* Copyright (c) 2002 Markus Friedl. All rights reserved.
*
@@ -34,6 +34,7 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <errno.h>
#ifdef WITH_OPENSSL
#include <openssl/evp.h>
@@ -59,6 +60,8 @@
struct ssh *active_state = NULL; /* XXX needed for linking */
+extern char *__progname;
+
/* XXX readconf.c needs these */
uid_t original_real_uid;
@@ -179,6 +182,10 @@ main(int argc, char **argv)
u_int32_t rnd[256];
#endif
+ ssh_malloc_init(); /* must be called before any mallocs */
+ if (pledge("stdio rpath getpw dns id", NULL) != 0)
+ fatal("%s: pledge: %s", __progname, strerror(errno));
+
/* Ensure that stdin and stdout are connected */
if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2)
exit(1);
@@ -245,23 +252,26 @@ main(int argc, char **argv)
if (!found)
fatal("no hostkey found");
+ if (pledge("stdio dns", NULL) != 0)
+ fatal("%s: pledge: %s", __progname, strerror(errno));
+
if ((b = sshbuf_new()) == NULL)
- fatal("%s: sshbuf_new failed", __func__);
+ fatal("%s: sshbuf_new failed", __progname);
if (ssh_msg_recv(STDIN_FILENO, b) < 0)
fatal("ssh_msg_recv failed");
if ((r = sshbuf_get_u8(b, &rver)) != 0)
- fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ fatal("%s: buffer error: %s", __progname, ssh_err(r));
if (rver != version)
fatal("bad version: received %d, expected %d", rver, version);
if ((r = sshbuf_get_u32(b, (u_int *)&fd)) != 0)
- fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ fatal("%s: buffer error: %s", __progname, ssh_err(r));
if (fd < 0 || fd == STDIN_FILENO || fd == STDOUT_FILENO)
fatal("bad fd");
if ((host = get_local_name(fd)) == NULL)
fatal("cannot get local name for fd");
if ((r = sshbuf_get_string(b, &data, &dlen)) != 0)
- fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ fatal("%s: buffer error: %s", __progname, ssh_err(r));
if (valid_request(pw, host, &key, data, dlen) < 0)
fatal("not a valid request");
free(host);
@@ -277,19 +287,20 @@ main(int argc, char **argv)
if (!found) {
if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
SSH_FP_DEFAULT)) == NULL)
- fatal("%s: sshkey_fingerprint failed", __func__);
+ fatal("%s: sshkey_fingerprint failed", __progname);
fatal("no matching hostkey found for key %s %s",
sshkey_type(key), fp ? fp : "");
}
- if ((r = sshkey_sign(keys[i], &signature, &slen, data, dlen, 0)) != 0)
+ if ((r = sshkey_sign(keys[i], &signature, &slen, data, dlen, NULL, 0))
+ != 0)
fatal("sshkey_sign failed: %s", ssh_err(r));
free(data);
/* send reply */
sshbuf_reset(b);
if ((r = sshbuf_put_string(b, signature, slen)) != 0)
- fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ fatal("%s: buffer error: %s", __progname, ssh_err(r));
if (ssh_msg_send(STDOUT_FILENO, version, b) == -1)
fatal("ssh_msg_send failed");
OpenPOWER on IntegriCloud