Properly report errors from included files (#1408558)
This commit is contained in:
parent
a97eeb671c
commit
140ef5a0f5
40
openssh-7.4p1-include-errors.patch
Normal file
40
openssh-7.4p1-include-errors.patch
Normal file
@ -0,0 +1,40 @@
|
||||
diff --git a/readconf.c b/readconf.c
|
||||
index fa3fab8..e7eb30d 100644
|
||||
--- a/readconf.c
|
||||
+++ b/readconf.c
|
||||
@@ -1499,7 +1499,7 @@ parse_keytypes:
|
||||
oactive ? "" : " (parse only)");
|
||||
r = read_config_file_depth(gl.gl_pathv[i],
|
||||
pw, host, original_host, options,
|
||||
- flags | SSHCONF_CHECKPERM |
|
||||
+ flags | SSHCONF_CHECKPERM | SSHCONF_IGNORE_READERR |
|
||||
(oactive ? 0 : SSHCONF_NEVERMATCH),
|
||||
activep, depth + 1);
|
||||
/*
|
||||
@@ -1707,8 +1707,13 @@ read_config_file_depth(const char *filename, struct passwd *pw,
|
||||
if (depth < 0 || depth > READCONF_MAX_DEPTH)
|
||||
fatal("Too many recursive configuration includes");
|
||||
|
||||
- if ((f = fopen(filename, "r")) == NULL)
|
||||
+ if ((f = fopen(filename, "r")) == NULL) {
|
||||
+ if (flags & SSHCONF_IGNORE_READERR) {
|
||||
+ error("Can not open configuration file %s", filename);
|
||||
+ return 1;
|
||||
+ }
|
||||
return 0;
|
||||
+ }
|
||||
|
||||
if (flags & SSHCONF_CHECKPERM) {
|
||||
struct stat sb;
|
||||
diff --git a/readconf.h b/readconf.h
|
||||
index cef55f7..4f7d3b4 100644
|
||||
--- a/readconf.h
|
||||
+++ b/readconf.h
|
||||
@@ -190,6 +190,7 @@ typedef struct {
|
||||
#define SSHCONF_USERCONF 2 /* user provided config file not system */
|
||||
#define SSHCONF_POSTCANON 4 /* After hostname canonicalisation */
|
||||
#define SSHCONF_NEVERMATCH 8 /* Match/Host never matches; internal only */
|
||||
+#define SSHCONF_IGNORE_READERR 16 /* Treat unreadable files as errors; internal only */
|
||||
|
||||
#define SSH_UPDATE_HOSTKEYS_NO 0
|
||||
#define SSH_UPDATE_HOSTKEYS_YES 1
|
@ -230,6 +230,8 @@ Patch944: openssh-7.3p1-x11-max-displays.patch
|
||||
Patch945: openssh-7.4p1-daemon.patch
|
||||
# Whitelist /usr/lib*/ as planed upstream to prevent breakage
|
||||
Patch946: openssh-7.4p1-pkcs11-whitelist.patch
|
||||
# Correct reporting errors from included files (#1408558)
|
||||
Patch947: openssh-7.4p1-include-errors.patch
|
||||
|
||||
|
||||
License: BSD
|
||||
@ -465,6 +467,7 @@ popd
|
||||
%patch944 -p1 -b .x11max
|
||||
%patch945 -p1 -b .daemon
|
||||
%patch946 -p1 -b .pkcs11-whitelist
|
||||
%patch947 -p1 -b .include-errors
|
||||
|
||||
%patch200 -p1 -b .audit
|
||||
%patch201 -p1 -b .audit-race
|
||||
|
Loading…
Reference in New Issue
Block a user