authorjrick <jrick@cvs.openbsd.org>2024-04-13 15:58:11 +0000
committerjrick <jrick@cvs.openbsd.org>2024-04-13 15:58:11 +0000
commit9061f6c775cd143bd7d7239efc211be444410f3d (patch)
tree19c97a0e331249b30e8c7a57e02afa3d32763277
parent7aa80bd347243db537ceaceaaf4835b8534d9160 (diff)
check group and world permissions of iked psk files
Similar to the permission checks performed on iked.conf(5) due to the possibility of it containing inline psk strings, require psk files to not be group writable or world read-writable. ok tobhe@
-rw-r--r--sbin/iked/parse.y6
1 files changed, 3 insertions, 3 deletions
diff --git a/sbin/iked/parse.y b/sbin/iked/parse.y
index 5fadcd200e6..b9e6f4d6c1d 100644
--- a/sbin/iked/parse.y
+++ b/sbin/iked/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.144 2023/08/11 11:24:55 tobhe Exp $ */
+/* $OpenBSD: parse.y,v 1.145 2024/04/13 15:58:10 jrick Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -1950,8 +1950,8 @@ parsekeyfile(char *filename, struct iked_auth *auth)
if ((fd = open(filename, O_RDONLY)) == -1)
err(1, "open %s", filename);
- if (fstat(fd, &sb) == -1)
- err(1, "parsekeyfile: stat %s", filename);
+ if (check_file_secrecy(fd, filename) == -1)
+ exit(1);
if ((sb.st_size > KEYSIZE_LIMIT) || (sb.st_size == 0))
errx(1, "%s: key too %s", filename, sb.st_size ? "large" :
"small");
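Review bot: `sb` is still read on the `sb.st_size` lines immediately after the new check, but the `fstat(fd, &sb)` that filled it is the very call this hunk removes, and `check_file_secrecy(fd, filename)` is not passed `&sb`, so it cannot populate the caller's buffer; the size bound is now evaluated against an uninitialized `struct stat` (declared earlier in parsekeyfile, outside this hunk). Keep the permission check and restore the stat after it: `if (check_file_secrecy(fd, filename) == -1) exit(1);` followed by `if (fstat(fd, &sb) == -1) err(1, "parsekeyfile: stat %s", filename);`. The KEYSIZE_LIMIT / zero-length test is the defensive bound on the key file, so it must see a real size rather than whatever happens to be on the stack. parsekeyfile begins before this hunk and its body continues past it.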