authorDag-Erling Smørgrav <des@FreeBSD.org>2016-08-11 08:29:15 +0000
committerDag-Erling Smørgrav <des@FreeBSD.org>2016-08-11 08:29:15 +0000
commit64f44a7c96c53f7f7722c45a647a513c5624ae56 (patch)
treecbc58963e26ea0106523d432757b7ce1a827fc3c /crypto
parent7769821166d94a3a0650c28c21ef1143df362385 (diff)
MFH (r303832): check whether each key file exists before adding it
PR: 208254 Approved by: re (kib)
Notes
Notes: svn path=/stable/11/; revision=303952
Diffstat (limited to 'crypto')
-rw-r--r--crypto/openssh/servconf.c25
1 files changed, 15 insertions, 10 deletions
diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c
index da558de2c19e..6fb8be5bfd5a 100644
--- a/crypto/openssh/servconf.c
+++ b/crypto/openssh/servconf.c
@@ -22,6 +22,7 @@ __RCSID("$FreeBSD$");
#include <netinet/ip.h>
#include <ctype.h>
+#include <fcntl.h>
#include <netdb.h>
#include <pwd.h>
#include <stdio.h>
@@ -206,24 +207,28 @@ fill_default_server_options(ServerOptions *options)
/* Standard Options */
if (options->protocol == SSH_PROTO_UNKNOWN)
options->protocol = SSH_PROTO_2;
+#define add_host_key_file(path) \
+ do { \
+ if (access((path), O_RDONLY) == 0) \
+ options->host_key_files \
+ [options->num_host_key_files++] = (path); \
+ } while (0)
if (options->num_host_key_files == 0) {
/* fill default hostkeys for protocols */
if (options->protocol & SSH_PROTO_1)
- options->host_key_files[options->num_host_key_files++] =
- _PATH_HOST_KEY_FILE;
+ add_host_key_file(_PATH_HOST_KEY_FILE);
if (options->protocol & SSH_PROTO_2) {
- options->host_key_files[options->num_host_key_files++] =
- _PATH_HOST_RSA_KEY_FILE;
- options->host_key_files[options->num_host_key_files++] =
- _PATH_HOST_DSA_KEY_FILE;
+ add_host_key_file(_PATH_HOST_RSA_KEY_FILE);
+ add_host_key_file(_PATH_HOST_DSA_KEY_FILE);
#ifdef OPENSSL_HAS_ECC
- options->host_key_files[options->num_host_key_files++] =
- _PATH_HOST_ECDSA_KEY_FILE;
+ add_host_key_file(_PATH_HOST_ECDSA_KEY_FILE);
#endif
- options->host_key_files[options->num_host_key_files++] =
- _PATH_HOST_ED25519_KEY_FILE;
+ add_host_key_file(_PATH_HOST_ED25519_KEY_FILE);
}
}
+#undef add_host_key_file
+ if (options->num_host_key_files == 0)
+ fatal("No host key files found");
/* No certificates by default */
if (options->num_ports == 0)
options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
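Review bot: In the `add_host_key_file` macro, `access((path), O_RDONLY)` passes an open(2) flag where access(2) expects an `F_OK`/`R_OK`/`W_OK`/`X_OK` mode. `O_RDONLY` is normally 0, the same value as `F_OK`, so the call works only by coincidence and tests existence, not readability; write `if (access((path), F_OK) == 0) \` to match the commit message, or `R_OK` if an unreadable key should also be skipped. With that change the `#include <fcntl.h>` added in the first hunk is presumably no longer needed, since the access modes come from `<unistd.h>` (whether that header is already included is not visible here). A default key that is skipped leaves no trace, so a `debug()`-level message naming the path would help an operator notice that a host key type has silently stopped being offered. fill_default_server_options starts and ends outside the hunk.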