authorHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2004-06-14 13:53:32 +0000
committerHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2004-06-14 13:53:32 +0000
commitc16191c9a13fe874af2df610136c41bb0d467edc (patch)
treee5a329a054979755188ae2225fb8f2179087bc32
parent8624517f70ffee7664516072d2bb9cf56f406c73 (diff)
avoid stat before open
ok ho@
-rw-r--r--sbin/isakmpd/conf.c26
-rw-r--r--sbin/isakmpd/ike_auth.c39
-rw-r--r--sbin/isakmpd/x509.c75
3 files changed, 81 insertions, 59 deletions
diff --git a/sbin/isakmpd/conf.c b/sbin/isakmpd/conf.c
index 27b4a1e5325..b7d7b6113a2 100644
--- a/sbin/isakmpd/conf.c
+++ b/sbin/isakmpd/conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf.c,v 1.69 2004/06/14 09:55:41 ho Exp $ */
+/* $OpenBSD: conf.c,v 1.70 2004/06/14 13:53:31 hshoexer Exp $ */
/* $EOM: conf.c,v 1.48 2000/12/04 02:04:29 angelos Exp $ */
/*
@@ -374,7 +374,7 @@ conf_load_defaults_mm(int tr, char *mme, char *mmh, char *mma, char *dhg,
snprintf(sect, sizeof sect, "%s-%s%s%s", mme_p, mmh, dhg_p, mma_p);
- LOG_DBG((LOG_MISC, 90, "conf_load_defaults : main mode %s", sect));
+ LOG_DBG((LOG_MISC, 90, "conf_load_defaults_mm: main mode %s", sect));
conf_set(tr, sect, "ENCRYPTION_ALGORITHM", mme, 0, 1);
if (strcmp(mme, "BLOWFISH_CBC") == 0)
@@ -411,7 +411,7 @@ conf_load_defaults_qm(int tr, char *qme, char *qmh, char *dhg, char *qme_p,
strlcpy(sect, tmp, CONF_SECT_MAX);
strlcat(sect, "-SUITE", CONF_SECT_MAX);
- LOG_DBG((LOG_MISC, 90, "conf_load_defaults : quick mode %s", sect));
+ LOG_DBG((LOG_MISC, 90, "conf_load_defaults_qm: quick mode %s", sect));
conf_set(tr, sect, "Protocols", tmp, 0, 1);
snprintf(sect, sizeof sect, "IPSEC_%s", PROTO(proto));
@@ -567,18 +567,11 @@ conf_reinit(void)
unsigned int i;
size_t sz;
char *new_conf_addr = 0;
- struct stat sb;
- if ((monitor_stat(conf_path, &sb) == 0) || (errno != ENOENT)) {
- if (check_file_secrecy(conf_path, &sz))
- return;
+ if ((fd = monitor_open(conf_path, O_RDONLY, 0)) != -1) {
+ if (check_file_secrecy_fd(fd, conf_path, &sz))
+ goto fail;
- fd = monitor_open(conf_path, O_RDONLY, 0);
- if (fd == -1) {
- log_error("conf_reinit: "
- "open (\"%s\", O_RDONLY) failed", conf_path);
- return;
- }
new_conf_addr = malloc(sz);
if (!new_conf_addr) {
log_error("conf_reinit: malloc (%lu) failed",
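Review bot: The `goto fail` taken when `check_file_secrecy_fd` rejects the file now runs with `fd` already open, whereas the removed code returned before any descriptor existed. The `fail` label is outside this hunk, so it is worth confirming that it closes `fd` and copes with `new_conf_addr` still being 0 at that point. A one-line comment after the open would make the invariant explicit: `/* fd is open from here on; all error exits go through fail */`.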
@@ -597,8 +590,13 @@ conf_reinit(void)
/* XXX Should we not care about errors and rollback? */
conf_parse(trans, new_conf_addr, sz);
- } else
+ } else {
+ if (errno != ENOENT)
+ log_error("conf_reinit: open(\"%s\", O_RDONLY, 0) "
+ "failed", conf_path);
+
trans = conf_begin();
+ }
/* Load default configuration values. */
conf_load_defaults(trans);
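Review bot: In the new `else` branch an open failure other than ENOENT is only logged; control still reaches `trans = conf_begin()` and the default load below, so an unreadable configuration file (EACCES, for instance) seems to end with the running configuration replaced by defaults. The removed code entered the first branch in that case and presumably returned from the failed secrecy check, leaving the previous configuration untouched. Returning after the log call would keep that behaviour: `if (errno != ENOENT) { log_error(...); return; }`. The test also depends on `monitor_open` leaving errno set to the real failure reason, which is not visible on this page; a short comment stating that contract would help here and at the matching `errno != ENOENT` test in get_raw_key_from_file in ike_auth.c. The commit of the transaction lies outside the hunk.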
diff --git a/sbin/isakmpd/ike_auth.c b/sbin/isakmpd/ike_auth.c
index 0615c16b60c..0947e1814fa 100644
--- a/sbin/isakmpd/ike_auth.c
+++ b/sbin/isakmpd/ike_auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_auth.c,v 1.90 2004/06/14 09:55:41 ho Exp $ */
+/* $OpenBSD: ike_auth.c,v 1.91 2004/06/14 13:53:31 hshoexer Exp $ */
/* $EOM: ike_auth.c,v 1.59 2000/11/21 00:21:31 angelos Exp $ */
/*
@@ -34,12 +34,14 @@
#include <sys/types.h>
#include <sys/stat.h>
-#include <unistd.h>
-#include <fcntl.h>
#include <netinet/in.h>
#include <arpa/inet.h>
+
+#include <errno.h>
+#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
+#include <unistd.h>
#include <regex.h>
#if defined (USE_KEYNOTE)
#include <keynote.h>
@@ -173,7 +175,7 @@ ike_auth_get_key(int type, char *id, char *local_id, size_t *keylen)
buf = malloc(*keylen);
if (!buf) {
log_error("ike_auth_get_key: malloc (%lu) "
- "failed", (unsigned long) *keylen);
+ "failed", (unsigned long)*keylen);
return 0;
}
if (hex2raw(key + 2, (unsigned char *)buf, *keylen)) {
@@ -217,19 +219,20 @@ ike_auth_get_key(int type, char *id, char *local_id, size_t *keylen)
local_id, PRIVATE_KEY_FILE);
keyfile = privkeyfile;
- if (monitor_stat(keyfile, &sb) < 0) {
+ fd = monitor_open(keyfile, O_RDONLY, 0);
+ if (fd < 0) {
free(keyfile);
goto ignorekeynote;
}
- size = (size_t) sb.st_size;
- fd = monitor_open(keyfile, O_RDONLY, 0);
- if (fd < 0) {
- log_print("ike_auth_get_key: failed opening "
- "\"%s\"", keyfile);
+ if (fstat(fd, &sb) < 0) {
+ log_print("ike_auth_get_key: fstat failed");
free(keyfile);
+ close(fd);
return 0;
}
+ size = (size_t)sb.st_size;
+
buf = calloc(size + 1, sizeof(char));
if (!buf) {
log_print("ike_auth_get_key: failed allocating"
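Review bot: Every `monitor_open` failure on the private key file now takes the silent `goto ignorekeynote` path, not only a missing file; the removed code logged an open failure on a file that stat could see and returned 0. Permission or I/O errors on the key file would be easier to diagnose if the branch distinguished them the way the other files in this commit do, with `if (errno != ENOENT) log_error("ike_auth_get_key: open (\"%s\") failed", keyfile);` placed before `free(keyfile)`. The new `fstat` failure message also omits the file name, and `sb.st_size` is used as an allocation size without checking that the descriptor refers to a regular file. ike_auth_get_key starts and ends outside the hunk.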
@@ -238,7 +241,7 @@ ike_auth_get_key(int type, char *id, char *local_id, size_t *keylen)
close(fd);
return 0;
}
- if (read(fd, buf, size) != (ssize_t) size) {
+ if (read(fd, buf, size) != (ssize_t)size) {
free(buf);
log_print("ike_auth_get_key: "
"failed reading %lu bytes from \"%s\"",
@@ -1110,7 +1113,6 @@ get_raw_key_from_file(int type, u_int8_t *id, size_t id_len, RSA **rsa)
{
char filename[FILENAME_MAX];
char *fstr;
- struct stat st;
FILE *keyfp;
if (type != IKE_AUTH_RSA_SIG) { /* XXX More types? */
@@ -1138,15 +1140,14 @@ get_raw_key_from_file(int type, u_int8_t *id, size_t id_len, RSA **rsa)
free(fstr);
/* If the file does not exist, fail silently. */
- if (monitor_stat(filename, &st) == 0) {
- keyfp = monitor_fopen(filename, "r");
- if (!keyfp) {
- log_error("get_raw_key_from_file: monitor_fopen "
- "(\"%s\", \"r\") failed", filename);
- return -1;
- }
+ keyfp = monitor_fopen(filename, "r");
+ if (keyfp) {
*rsa = PEM_read_RSA_PUBKEY(keyfp, NULL, NULL, NULL);
fclose(keyfp);
+ } else if (errno != ENOENT) {
+ log_error("get_raw_key_from_file: monitor_fopen "
+ "(\"%s\", \"r\") failed", filename);
+ return -1;
} else
LOG_DBG((LOG_NEGOTIATION, 50,
"get_raw_key_from_file: file %s not found", filename));
diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c
index 1fab3a52a8c..02d75172594 100644
--- a/sbin/isakmpd/x509.c
+++ b/sbin/isakmpd/x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.c,v 1.91 2004/06/14 09:55:42 ho Exp $ */
+/* $OpenBSD: x509.c,v 1.92 2004/06/14 13:53:31 hshoexer Exp $ */
/* $EOM: x509.c,v 1.54 2001/01/16 18:42:16 ho Exp $ */
/*
@@ -620,8 +620,9 @@ x509_read_from_dir(X509_STORE *ctx, char *name, int hash)
#endif
FILE *certfp;
X509 *cert;
+ struct stat sb;
char fullname[PATH_MAX];
- int off, size;
+ int fd, off, size;
if (strlen(name) >= sizeof fullname - 1) {
log_print("x509_read_from_dir: directory name too long");
@@ -647,25 +648,35 @@ x509_read_from_dir(X509_STORE *ctx, char *name, int hash)
if (file->d_type != DT_UNKNOWN) {
if (file->d_type != DT_REG && file->d_type != DT_LNK)
continue;
- } else {
- struct stat sb;
-
- if (monitor_stat(fullname, &sb) == -1 ||
- !(sb.st_mode & S_IFREG))
- continue;
}
LOG_DBG((LOG_CRYPTO, 60,
"x509_read_from_dir: reading certificate %s",
file->d_name));
- certfp = monitor_fopen(fullname, "r");
- if (!certfp) {
- log_error("x509_read_from_dir: monitor_fopen "
- "(\"%s\", \"r\") failed",
- fullname);
+ if ((fd = monitor_open(fullname, O_RDONLY, 0)) == -1) {
+ log_error("x509_read_from_dir: monitor_open"
+ "(\"%s\", O_RDONLY, 0) failed", fullname);
+ continue;
+ }
+
+ if (fstat(fd, &sb) == -1) {
+ log_error("x509_read_from_dir: fstat failed");
+ close(fd);
+ continue;
+ }
+
+ if (!(sb.st_mode & S_IFREG)) {
+ close(fd);
continue;
}
+
+ if ((certfp = fdopen(fd, "r")) == NULL) {
+ log_error("x509_read_from_dir: fdopen failed");
+ close(fd);
+ continue;
+ }
+
#if SSLEAY_VERSION_NUMBER >= 0x00904100L
cert = PEM_read_X509(certfp, NULL, NULL, NULL);
#else
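Review bot: The type test `!(sb.st_mode & S_IFREG)` is a bit-mask check rather than a file-type comparison, so it also passes any mode whose type field shares that bit (S_IFLNK and S_IFSOCK do); `if (!S_ISREG(sb.st_mode))` states the intent exactly. Because the check now runs after `monitor_open`, a FIFO or device node in the certificate directory is opened before it is rejected whenever `d_type` is DT_UNKNOWN or DT_LNK, and a read-only open of a FIFO can block; adding `O_NONBLOCK` to the open flags would avoid that, provided the monitor permits the flag. The `fstat` and `fdopen` messages could also name `fullname`. The same points apply to the matching hunk in x509_read_crls_from_dir. The function body extends beyond the hunk on both sides.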
@@ -714,8 +725,9 @@ x509_read_crls_from_dir(X509_STORE *ctx, char *name)
#endif
FILE *crlfp;
X509_CRL *crl;
+ struct stat sb;
char fullname[PATH_MAX];
- int off, size;
+ int fd, off, size;
if (strlen(name) >= sizeof fullname - 1) {
log_print("x509_read_crls_from_dir: directory name too long");
@@ -740,30 +752,41 @@ x509_read_crls_from_dir(X509_STORE *ctx, char *name)
if (file->d_type != DT_UNKNOWN) {
if (file->d_type != DT_REG && file->d_type != DT_LNK)
continue;
- } else {
- struct stat sb;
-
- if (monitor_stat(fullname, &sb) == -1 ||
- !(sb.st_mode & S_IFREG))
- continue;
- }
+ }
LOG_DBG((LOG_CRYPTO, 60, "x509_read_crls_from_dir: reading "
"CRL %s", file->d_name));
- crlfp = monitor_fopen(fullname, "r");
- if (!crlfp) {
- log_error("x509_read_crls_from_dir: monitor_fopen "
- "(\"%s\", \"r\") failed", fullname);
+ if ((fd = monitor_open(fullname, O_RDONLY, 0)) == -1) {
+ log_error("x509_read_crls_from_dir: monitor_open"
+ "(\"%s\", O_RDONLY, 0) failed", fullname);
continue;
}
+
+ if (fstat(fd, &sb) == -1) {
+ log_error("x509_read_crls_from_dir: fstat failed");
+ close(fd);
+ continue;
+ }
+
+ if (!(sb.st_mode & S_IFREG)) {
+ close(fd);
+ continue;
+ }
+
+ if ((crlfp = fdopen(fd, "r")) == NULL) {
+ log_error("x509_read_crls_from_dir: fdopen failed");
+ close(fd);
+ continue;
+ }
+
crl = PEM_read_X509_CRL(crlfp, NULL, NULL, NULL);
fclose(crlfp);
if (crl == NULL) {
log_print("x509_read_crls_from_dir: "
- "PEM_read_bio_X509_CRL failed for %s",
+ "PEM_read_X509_CRL failed for %s",
file->d_name);
continue;
}