author | jrick <jrick@cvs.openbsd.org> | 2024-04-13 15:58:11 +0000 |
---|---|---|
committer | jrick <jrick@cvs.openbsd.org> | 2024-04-13 15:58:11 +0000 |
commit | 9061f6c775cd143bd7d7239efc211be444410f3d (patch) | |
tree | 19c97a0e331249b30e8c7a57e02afa3d32763277 /sbin/iked/parse.y | |
parent | 7aa80bd347243db537ceaceaaf4835b8534d9160 (diff) |
check group and world permissions of iked psk files
Similar to the permission checks performed on iked.conf(5) due to the
possibility of it containing inline psk strings, require psk files to not be
group writable or world read-writable.
ok tobhe@
Diffstat (limited to 'sbin/iked/parse.y')
-rw-r--r-- | sbin/iked/parse.y | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sbin/iked/parse.y b/sbin/iked/parse.y
index 5fadcd200e6..b9e6f4d6c1d 100644
--- a/sbin/iked/parse.y
+++ b/sbin/iked/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.144 2023/08/11 11:24:55 tobhe Exp $ */
+/* $OpenBSD: parse.y,v 1.145 2024/04/13 15:58:10 jrick Exp $ */
 /*
  * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -1950,8 +1950,8 @@ parsekeyfile(char *filename, struct iked_auth *auth)
 if ((fd = open(filename, O_RDONLY)) == -1)
 err(1, "open %s", filename);
- if (fstat(fd, &sb) == -1)
- err(1, "parsekeyfile: stat %s", filename);
+ if (check_file_secrecy(fd, filename) == -1)
+ exit(1);
 if ((sb.st_size > KEYSIZE_LIMIT) || (sb.st_size == 0))
 errx(1, "%s: key too %s", filename, sb.st_size ? "large" : "small"); |
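Review bot: The removed `fstat(fd, &sb)` was the only assignment to `sb` in this hunk, yet `sb.st_size` is still read two lines later in the KEYSIZE_LIMIT check, so that comparison now operates on an uninitialized `struct stat` unless check_file_secrecy() somehow fills the caller's `sb`, which its `(fd, filename)` signature gives it no way to do. Keep the stat next to the new secrecy check rather than replacing it: `if (fstat(fd, &sb) == -1) err(1, "parsekeyfile: stat %s", filename);` either before or after the `check_file_secrecy(fd, filename)` call. The size check is also what guards the key read that presumably follows, so an uninitialized `st_size` could let an oversized or empty key file past it; parsekeyfile's body starts and ends outside the hunk, so any later use of `sb` there is affected as well.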