- dtucker@cvs.openbsd.org 2006/04/25 08:02:27

     [authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c]
     Prevent ssh from trying to open private keys with bad permissions more than
     once or prompting for their passphrases (which it subsequently ignores
     anyway), similar to a previous change in ssh-add.  bz #1186, ok djm@

1 files changed, 6 insertions, 2 deletions

diff --git a/authfile.c b/authfile.c
index b95b9470..b1a28528 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.66 2006/03/25 13:17:01 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.67 2006/04/25 08:02:27 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -538,7 +538,7 @@ key_perm_ok(int fd, const char *filename)
 
 Key *
 key_load_private_type(int type, const char *filename, const char *passphrase,
-    char **commentp)
+    char **commentp, int *perm_ok)
 {
 	int fd;
 
@@ -546,10 +546,14 @@ key_load_private_type(int type, const char *filename, const char *passphrase,
 	if (fd < 0)
 		return NULL;
 	if (!key_perm_ok(fd, filename)) {
+		if (perm_ok != NULL)
+			*perm_ok = 0;
 		error("bad permissions: ignore key: %s", filename);
 		close(fd);
 		return NULL;
 	}
+	if (perm_ok != NULL)
+		*perm_ok = 1;
 	switch (type) {
 	case KEY_RSA1:
 		return key_load_private_rsa1(fd, filename, passphrase,