diff options
| author | Damien Miller <djm@mindrot.org> | 2010-12-01 11:50:35 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2010-12-01 11:50:35 +1100 |
| commit | 2cd629349d9fc4067985fec04b23bfb5ff7aa8d8 (patch) | |
| tree | 7bd99191479f0805ba73623baa7ef47b4189e673 | |
| parent | 188ea814b10e39a399178af1fb18a79ea406f9bb (diff) | |
- djm@cvs.openbsd.org 2010/11/21 01:01:13
[clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c]
honour $TMPDIR for client xauth and ssh-agent temporary directories;
feedback and ok markus@
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | clientloop.c | 4 | ||||
| -rw-r--r-- | misc.c | 19 | ||||
| -rw-r--r-- | misc.h | 3 | ||||
| -rw-r--r-- | ssh-agent.1 | 8 | ||||
| -rw-r--r-- | ssh-agent.c | 4 |
6 files changed, 32 insertions, 10 deletions
@@ -3,6 +3,10 @@ - deraadt@cvs.openbsd.org 2010/11/20 05:12:38 [auth2-pubkey.c] clean up cases of ;; + - djm@cvs.openbsd.org 2010/11/21 01:01:13 + [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c] + honour $TMPDIR for client xauth and ssh-agent temporary directories; + feedback and ok markus@ 20101124 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and diff --git a/clientloop.c b/clientloop.c index 52dcb4c0..076386cc 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.224 2010/11/13 23:27:50 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.225 2010/11/21 01:01:13 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -325,7 +325,7 @@ client_x11_get_proto(const char *display, const char *xauth_path, if (trusted == 0) { xauthdir = xmalloc(MAXPATHLEN); xauthfile = xmalloc(MAXPATHLEN); - strlcpy(xauthdir, "/tmp/ssh-XXXXXXXXXX", MAXPATHLEN); + mktemp_proto(xauthdir, MAXPATHLEN); if (mkdtemp(xauthdir) != NULL) { do_unlink = 1; snprintf(xauthfile, MAXPATHLEN, "%s/xauthfile", @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.83 2010/11/13 23:27:50 djm Exp $ */ +/* $OpenBSD: misc.c,v 1.84 2010/11/21 01:01:13 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -916,6 +916,23 @@ bandwidth_limit(struct bwlimit *bw, size_t read_len) gettimeofday(&bw->bwstart, NULL); } +/* Make a template filename for mk[sd]temp() */ +void +mktemp_proto(char *s, size_t len) +{ + const char *tmpdir; + int r; + + if ((tmpdir = getenv("TMPDIR")) != NULL) { + r = snprintf(s, len, "%s/ssh-XXXXXXXXXXXX", tmpdir); + if (r > 0 && (size_t)r < len) + return; + } + r = snprintf(s, len, "/tmp/ssh-XXXXXXXXXXXX"); + if (r < 0 || (size_t)r >= len) + fatal("%s: template string too short", __func__); +} + static const struct { const char *name; int value; @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.46 2010/11/13 23:27:50 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.47 2010/11/21 01:01:13 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -89,6 +89,7 @@ void bandwidth_limit_init(struct bwlimit *, u_int64_t, size_t); void bandwidth_limit(struct bwlimit *, size_t); int parse_ipqos(const char *); +void mktemp_proto(char *, size_t); /* readpass.c */ diff --git a/ssh-agent.1 b/ssh-agent.1 index 134b93ae..bb801c90 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.52 2010/08/31 17:40:54 jmc Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.53 2010/11/21 01:01:13 djm Exp $ .\" .\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 31 2010 $ +.Dd $Mdocdate: November 21 2010 $ .Dt SSH-AGENT 1 .Os .Sh NAME @@ -72,7 +72,7 @@ Bind the agent to the socket .Ar bind_address . The default is -.Pa /tmp/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt . +.Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt . .It Fl c Generate C-shell commands on .Dv stdout . @@ -192,7 +192,7 @@ Contains the protocol version 2 DSA authentication identity of the user. Contains the protocol version 2 ECDSA authentication identity of the user. .It Pa ~/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of the user. -.It Pa /tmp/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt +.It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt .Ux Ns -domain sockets used to contain the connection to the authentication agent. These sockets should only be readable by the owner. diff --git a/ssh-agent.c b/ssh-agent.c index a978d293..afba413d 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.170 2010/08/31 12:33:38 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.171 2010/11/21 01:01:13 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1232,7 +1232,7 @@ main(int ac, char **av) if (agentsocket == NULL) { /* Create private directory for agent socket */ - strlcpy(socket_dir, "/tmp/ssh-XXXXXXXXXX", sizeof socket_dir); + mktemp_proto(socket_dir, sizeof(socket_dir)); if (mkdtemp(socket_dir) == NULL) { perror("mkdtemp: private socket dir"); exit(1); |