author | Hakan Olsson <ho@cvs.openbsd.org> | 2001-04-05 23:18:54 +0000 |
---|---|---|
committer | Hakan Olsson <ho@cvs.openbsd.org> | 2001-04-05 23:18:54 +0000 |
commit | 73f3648f1ec4f133a2a0e282740d0c0ec4a49fcc (patch) | |
tree | ae8bb8a1e4dc017fc6ba8f5db9d4d876846cc361 /sbin | |
parent | 564fc15dbdf5d8fe1c9ec597940095c37d9df036 (diff) |
As the isakmpd.policy file can contain sensitive information, we want
the same mode checks we use for isakmpd.conf. Style.
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/isakmpd/policy.c | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/sbin/isakmpd/policy.c b/sbin/isakmpd/policy.c
index f84b1432415..a75f61dd63f 100644
--- a/sbin/isakmpd/policy.c
+++ b/sbin/isakmpd/policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: policy.c,v 1.26 2001/03/14 21:13:24 tholo Exp $ */
+/* $OpenBSD: policy.c,v 1.27 2001/04/05 23:18:53 ho Exp $ */
 /* $EOM: policy.c,v 1.49 2000/10/24 13:33:39 niklas Exp $ */
 /*
@@ -1512,7 +1512,7 @@ policy_init (void)
 {
 char *ptr, *policy_file;
 char **asserts;
- struct stat st;
+ off_t sz;
 int fd, len, i;
 LOG_DBG ((LOG_POLICY, 30, "policy_init: initializing"));
@@ -1532,39 +1532,39 @@ policy_init (void)
 log_fatal ("policy_init: kn_init () failed");
 /* Get policy file from configuration. */
- policy_file = conf_get_str ("General", "policy-file");
+ policy_file = conf_get_str ("General", "Policy-file");
 if (!policy_file)
 policy_file = POLICY_FILE_DEFAULT;
+ /* Check file modes and collect file size */
+ if (check_file_secrecy (policy_file, &sz))
+ log_fatal ("policy_init: cannot read %s", policy_file);
+
 /* Open policy file. */
 fd = open (policy_file, O_RDONLY);
 if (fd == -1)
 log_fatal ("policy_init: open (\"%s\", O_RDONLY) failed", policy_file);
- /* Get size. */
- if (fstat (fd, &st) == -1)
- log_fatal ("policy_init: fstat (%d, &st) failed", fd);
-
 /* Allocate memory to keep policies. */
- ptr = calloc (st.st_size + 1, sizeof (char));
+ ptr = calloc (sz + 1, sizeof (char));
 if (!ptr)
- log_fatal ("policy_init: calloc (%d, %d) failed", st.st_size,
+ log_fatal ("policy_init: calloc (%d, %d) failed", sz + 1,
 sizeof (char));
 /* Just in case there are short reads... */
- for (len = 0; len < st.st_size; len += i)
+ for (len = 0; len < sz; len += i)
 {
- i = read (fd, ptr + len, st.st_size - len);
+ i = read (fd, ptr + len, sz - len);
 if (i == -1)
 log_fatal ("policy_init: read (%d, %p, %d) failed", fd, ptr + len,
- st.st_size - len);
+ sz - len);
 }
 /* We're done with this. */
 close (fd);
 /* Parse buffer, break up into individual policies. */
- asserts = LK (kn_read_asserts, (ptr, st.st_size, &i));
+ asserts = LK (kn_read_asserts, (ptr, sz, &i));
 /* Begone! */
 free (ptr); |
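Review bot: The mode check and the size now both come from `check_file_secrecy (policy_file, &sz)`, which is given the path before `open ()` runs, so nothing ties the object that was checked to the descriptor that is read; the removed `fstat (fd, &st)` at least took the size from the open file. Opening first and then checking owner, mode and size with `fstat` on `fd` would close that window (check_file_secrecy is defined outside this diff, so how it inspects the file is assumed). With a possibly stale `sz`, the read loop also needs to handle a zero return, for example `if (i == 0) log_fatal ("policy_init: %s changed while reading", policy_file);`, because otherwise `len` stops advancing once end of file is reached before `sz` bytes. The `%d` conversions in the calloc and read messages are passed `off_t` expressions such as `sz + 1`, which should be cast or given a matching conversion if log_fatal formats printf-style. policy_init begins and ends outside the hunk.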